About STCU
What's a credit union?
STCU's story
Financial strength
People in charge

Get involved
Be an STCU member
Join STCU's Kids Club
Follow STCU's teens blog
Work for STCU
Be a business partner

Power of cooperation
Member classifieds
Community involvement

News and events
Newsroom
Events calendar
STCU deals
STCU Member News
We're on Twitter

Our promises
Our privacy pledge
Your member rights

Security on steroids

Users get our ironclad guarantee against fraud

[July 29, 2010]

A new security feature is coming August 24 to STCU online banking, and we’re so confident of its power to protect your accounts that we’re boldly making this guarantee:
 
Use it, and STCU will assume all liability for any online fraud that should ever happen to your account.

That’s right, your liability is zero, as long as you protect the privacy of your password and take advantage of the full strength of our easy-to-use “multifactor authentication” (MFA).

As you know, we rolled out a new online banking system in June and July, offering services like account alerts, and making it easier than ever to make online transactions.
 
That new system already is secure, requiring longer, more complex passwords, for instance. MFA is an added safeguard – kind of like locking the doors on a car while it sits in a padlocked garage protected by guard dogs.
 
The new security features differ from those that are familiar to longtime users of online banking. Members will no longer install or renew digital certificates on their computers, or be asked to remember the answers to secret questions. (Did I say my favorite vacation was Disneyland or Yellowstone?)
 
Your first login on any computer starting August 24 will take a few extra steps. You’ll want to be near your phone or have access to your e-mail account.
 
When you logon that first time, you’ll be prompted to choose from the delivery options you’ve previously listed in online banking – phone numbers and e-mail addresses – for delivery of a six-digit secure access code. (Don’t bother memorizing that code; it’s only valid for 30 minutes.)
 
You’ll be prompted to enter that code within online banking. Then, you’ll have some new options. You can:

• Choose to use a secure access code every time you logon with that particular computer or browser.
  Use this option with “public” computers, such as those at libraries or internet cafes. Or, use it with all computers if you are especially concerned about security.
• Permanently register your private computer at home and work.
  Thereafter, you’ll need only your member ID and password to access online banking from those computers.
  Note: Don’t use this option with public computers.

“For folks willing to commit to these highest levels of security, we have their backs, financially,” with our ironclad guarantee against fraud losses, said Dale Davaz, STCU director of e-business.
 
But, there is a third option, for members who are more concerned about convenience and flexibility.

• After using MFA once to access online banking using either of the two options above, you can quickly set up a four- to 10-character “challenge code.” That code, along with your member ID and password, can be used to logon from any computer at any time.

The challenge code is a bit less secure than the other options, so you’ll want to use a bit of caution to assure your computer is protected from malware and viruses. And some features of online banking won’t be accessible when using a challenge code.
 
“Given this variety, we hope that everyone finds an option that matches their preferences for extra security or greater convenience, whichever is most important to them,” Davaz said.

Establishing a challenge code

After logging on to online banking using a secure access code, you can establish a challenge code that will allow you limited access from any unregistered computer. That's particularly useful when you don’t have access to your phone or e-mail account for receiving a secure access code. Setting up and sharing a challenge code will also be a requirement for certain personal financial management tools like Yodlee that log into online banking on your behalf to get your transactions and balances, once they've updated their scripts for doing so.

Keep in mind that using a challenge code is slightly less secure than using a secure access code. We can't extend our normal security guarantee when you share your challenge code along with your member ID and password to third-party services. And you won’t be allowed to register computers or manage your secure delivery contacts when using a challenge code during the login process.

Here’s how to do it:

Members needing extra assistance logging on starting August 24 are encouraged to call the credit union at (509) 326-1954 in Washington; (208) 619-4000 in Idaho, or (800) 858-3750 toll-free, or use LiveChat.