MFA Scenarios

Multi-factor Authentication (MFA) is a secure process of authentication which requires more than one authentication techniques chosen from independent categories of credentials. MFA combines two or more types of authentication to provide a better and secure way of authenticating Infinity users to ensure safe banking for the Bank/CU's customers.

Few considerations:

• Digital Banking Platform (DBP) provides only services/API such as generateOTP() and validateOTP()to trigger and validate MFA.
• The bank staff (administrator) sets the MFA scenarios (triggers) and preferences for all customer-facing applications (Retail Banking, Small Business Banking etc.) from Spotlight.

• MFA can be triggered for transactions (money movement-related) or for other specific actions (user profile updates) by the customer in the application, for example:

  • Transactional money movement rules – transfer or payment.

  • Unknown or suspicious device.

  • Suspicious location outside of normal operation or travel.

  • User profile and account change requests.

NOTE: This release covers only money movement transaction-related MFA. Other transaction types will be included in the next release. Though the UI will be designed for transactional (money movement) and non-transactional (user profile update) scenarios in this release, the backend for non-transactional scenarios will be implemented only in the next release.

As a bank staff (administrator or a role with necessary permissions), use the feature to define various trigger points (scenarios) that will present the customer with an MFA challenge to validate the customer's identity and avoid fraudulent activity. 

Menu path: Security & Authentication > MFA Scenarios

The app displays the Multi-factor Authentication Scenarios screen and with a list of scenarios already defined with the following details: Application, scenario type, description, and status.

As a bank staff (administrator or a role with necessary permissions), you can do the following:

• View the list of Scenarios
• Create an MFA Scenario
• Edit an MFA Scenario
• Manage Configurations

View the Authentication Scenarios

All the MFA scenarios are listed in a tabular format with the following details:

• Application - Name of the application to which the MFA is applicable. For example, Retail Banking, Business Banking and more.
• Feature - Displays the name of the application feature to which the MFA is related.
• Scenario Type - Displays whether the feature is a Monetary or Non-Monetary feature.
• Action - Displays the type of action related to the Feature to which the MFA is applicable.
• Status - Displays the MFA status with regards to the feature.

Menu path: Customer Management > Security & Authentication > MFA Scenarios

As a bank staff (administrator), you can do the following from here:

• View the list of authentication scenarios already created with status. By default, the scenarios created for all customer-facing applications are displayed. Select any scenario to view more details.
• Filter the scenarios by application - Business Banking, Consumer Lending, Customer Onboarding, and Retail Banking.
• Filter by status - Active or Inactive.
• Search for a particular scenario by transaction type using the search box.
• Click any scenario and view the description.
• Click Create Scenario to add a scenario.
• Click MFA configurations to view and manage existing MFA.
• Edit the required scenariofrom the context menu.
• Activate/Deactivate depending on the current status from the respective scenarios context menu.
• Delete the required scenario from the context menu.

Create an MFA Scenario

Use the feature to create an MFA scenario.

Menu path: Security & Authentication > MFA Scenarios > Create Scenario

Message Content Template when Secure Access Code is selected as an MFA Challenge Type

Add the following details. All fields are mandatory unless specified otherwise:

• Status. Set the status as active or inactive. All scenarios are active by default once created.

Scenario Details

• Application. Scenarios are to be set up application-wise. Select an application from the list for which the scenario is created. The applications are:
  • Business Banking
  • Consumer Lending
  • Customer Onboarding
  • Retail Banking.
  • Retail and Business Banking
• Scenario Type. Select the scenario type as transactional (money movement) or non-transactional (user profile update).
  • Monetary - Select the transaction type and frequency from the respective lists.
    • Action - Select from the list of all available money movement transactional services for the selected application.

    • Frequency - Always and Value Based. If it is Value Based, enter the Value Above amount. The customer will be presented with an MFA challenge if the transaction amount is more than the Value Above amount. The value is non-zero and the maximum value allowed is 999999999999.

      NOTE: Currency is in dollar, by default. Any internationalization for other geographies is automatically handled.

  • Non Monetary - Select the Activity Type from the list.
• Description. Enter the unique scenario description in the box. Alphanumeric characters up to 100 characters are accepted. Duplicate and identical names cannot be created.

Following is the list of MFA scenarios that are available out of the box.

Scenario	Description
INTRA_BANK_FUND_TRANSFER_CREATE	Create Intra Bank Fund Transfer
USERNAME_UPDATE	Profile Management -Username Update
CARD_MANAGEMENT_ACTIVATE_CARD	Card Management- Lock Card
CARD_MANAGEMENT_REPLACE_CARD	Card management-replace
DOMESTIC_WIRE_TRANSFER_CREATE	Wire transfer
CARD_MANAGEMENT_UNLOCK_CARD	Card management-unlock
INTER_BANK_ACCOUNT_FUND_TRANSFER_CREATE	Interbank transfer
INTERNATIONAL_WIRE_TRANSFER_CREATE	OTP
CARD_MANAGEMENT_CHANGE_PIN	Card Management-Change Pin
BILL_PAY_CREATE	Retail Banking - Bill Pay
PAY_MULTIPLE_BENEFICIARIES_CREATE_TRANSFER	Pay Multiple Beneficiaries
CARD_MANAGEMENT_CANCEL_CARD	Card Management-Cancel Card
CARD_MANAGEMENT_LOCK_CARD	Card Management- Lock Card
PASSWORD_UPDATE	Profile Management Password Update
INTERNATIONAL_ACCOUNT_FUND_TRANSFER_CREATE	International transfer
TRANSFER_BETWEEN_OWN_ACCOUNT_CREATE	Create internal transfer
LOGIN	Login
P2P_CREATE	MFA transaction
ACH_PAYMENT_CREATE	MFA transaction
ACH_COLLECTION_CREATE	MFA transaction
ACH_FILE_UPLOAD	MFA transaction

MFA Challenge Type

NOTE: Each scenario will have a primary and secondary MFA type. In case only MFA option is implemented by the Bank, the secondary option is not applicable and this field will be non-editable, read-only, and describing the MFA name.

• Primary - Select the primary authentication factor from the list of currently active and enabled MFA options (secure access code or security questions).

• Backup - Select the secondary authentication factor from the list. This will be used in case the customer has not configured the primary challenge type yet (for example, the user has not chosen the security question). The secondary challenge will be different from the primary challenge.

  NOTE:

  • If Secure Access Code is selected as a challenge type, the app displays the message content template for SMS and Email channels. The app will send the access code through these channels.
  • Variable Reference - Account Number, OTP, Payee Name, Server Date, Server Time, Transfer Amount.

Review the information and click Create to save the MFA scenario.

Edit an MFA Scenario

Use the feature to edit the details of the selected MFA scenario.

Menu path: Security & Authentication > MFA Scenarios > Edit option on context menu

The edit screen is similar to the create a scenario screen with provision to modify the details.

All validations applicable while creating an MFA scenario are applicable while editing.

Make the required changes and click Update to save the details.