Taking Steps to Protect Your Online Security
Two Factor Authentication hast been implemented!

The Federal Financial Institutions Examination Council, which includes both the NCUA and FDIC, is recomending that all financial institutions implement two-factor authentication by December 31, 2006. Two-factor authentication is an additional layer of online security that provides a second factor of verification to protect your online identity.

OECU has implemented a two-factor authentication system on our eBranch login. When you log-in to eBranch, you will sign-on using your user ID and password as you normally do.  Thereafter, you will receive a screen asking you to validate your current, available e-mail address so that your matrix may be sent to you.

When two-factor authentication is enabled for your account, select the e-mail address to which you want your matrix delivered.  Within a few minutes of validating your e-mail address, you will receive your unique matrix in your Inbox at the e-mail address you selected. Upon receiving your matrix, you may log-in to eBranch again using your same user ID, password and now the three new matrix coordinates requested on your screen.

What are the different factors of authentication?
1. Something you know, such as a sign-on ID or user name and a PIN or password.
2. Something you have, such as a SmartCard, random number token, or special software
3. Something you are, such as a personal attribute like a fingerprint or retinal scan.

Two-factor authentication offers identity theft protection by making it difficult for attackers to steal a members online identity. Traditional authentication use username and password pairs to authenticate users. This provides minimal security due to most passwords being easy to guess.

Typical passwords are static and easy to steal, break or crack. Many passwords that are used to access sensitive information are written on post-it notes and often reflect the users birthday, anniversary or other family related event.

Using a second factor dramatically increases the difficulty to a perpetrator to access a member's account online and perform fraudulent transactions with it or steal vital personal information.

What are the member benefits?
1. Provides protection against Phishing, Pharming, Spyware, Trojan Horse and Keystroke recorders.
2. Matrix values are ONLY known to the member.
3. Replacements of the matix are provided as needed via e-mail directly to the member's e-mail address.

What is a matrix?
A matrix is a bingo-like card containing a grid pattern of numbers and letters.  Along with your user ID and password, this matrix will be required to log-in to eBranch to verify your identity. A particular value will be identified by its column and row coordinates. 

Sample of a matrix:
A particular value is identified by its column and row coordinates.  For example, the value at coordinate D3 is 4.

 Twofactorimage1.gif

How do I obtain a matrix?
Matrices are delivered via a valid e-mail address.  The first time you log-in to eBranch you will enter your sign-on ID and password as you normally would.  Next, an e-mail validation page will appear.  The screen will display your current home and/or work email address(es).  You will need to confirm a current e-mail address for the matrix to be delivered. The two-factor authentication matrix is e-mailed to the selected email address. Look for an e-mail in your inbox from OECU.

Retrieve and store your two-factor authentication e-mail.  Now you may sign on to eBranch, entering your sign-on ID, password and coordinates requested from your matrix.

What if I don't receive the e-mail containing my matrix?
The e-mail will come from OECU. If you don't see or receive the e-mail, please first check your "junk" inbox or your email spam filters. If you still have any questions or problems, please contact us at 405-606-OECU.

Can I have the matrix delivered to more than one e-mail address?
No.  Matrices are only delivered to one (1) e-mail address.

May I request a new matrix?
Yes.  If your matrix is lost, stolen or damaged or you simply would like a new matrix for whatever reason, you may request a new matrix at any time. The eBranch sign-on page allows members to request a new matrix without having to contact OECU.

What if I provide incorrect matrix values during my log in?
You will receive an alert/error message. Simply re-enter the new coordinates as requested.

What if I receive an alert/error message screen?
If your sign-on ID and password are invalid when requesting a new matrix, an alert/error message display indicating the sign-on ID and password are invalid.  You may attempt to request a new matrix again.  After three (3) invalid attempts to request a new matrix, you will be locked out.  Please contact us at 405-606-OECU.

What if I lock myself out of eBranch when using the matrix?
1. Simply select "Request a New Matrix" on the sign-on page; or
2. Send us a message using our secure web form ; or
3. Contact OECU at 405-606-OECU.

As a member of OECU, am I required to use two-factor authentication?
All financial institutions are recomended to implement two-factor authentication by December 31, 2006. All OECU members will be required to use the two-factor authentication method when logging in to eBranch.  You may not opt-out of two-factor authentication.

Once I receive a matrix, do I have to use it to log-in to eBranch every time?
Yes.  You will be required to use the matrix each time you log-in to eBranch.  Each time you log-in, you will be asked for a different combination of coordinates from your unique matrix.

May multiple eBranch users share the same matrix?
Passwords, sign-ons and matrices should never be shared for security reasons. Each eBranch user should have his or her own sign-on ID, password and matrix to access eBranch.

Is there a charge for the two-factor authentication?
No. This enhanced eBranch security feature is provided free of charge. 

Why the change?
We value your privacy and the protection of your identity. Two-factor authentication provides added security against identity theft, phishing, spyware and other online scams. And as of December 31, 2006, all financial institutions must implement a higher level of security.

FDIC Web Site - Learn to Protect Your Identity