FAQs

Grip’s security standards are equal to or greater than that of the most qualified financial institutions. RSM McGladery has audited our company operations since 2008, providing customers with results from Information Security Audit, Penetration Test, Internal Control, Service Organization Control and a Financial Compilation to comply with Gramm-Leach-Bliley Act (GLBA) requirements.

You may also view our security white paper, 7 Tips to Keep Financial Apps Safe & Secure to better understand the measures we take in securing our apps.

This would not affect the security of Grip. Grip only posts the information that the financial institution gives us. If there is a breach at another institution, the end user may be required to update their password and re-authenticate the new password in Grip.

No. Aggregated financial information is solely for the end user and will not be shared among other financial institutions.

Banno takes full responsibility for compliance standards to the Grip application and we follow the Federal Financial Institutions Examination Council (FFIEC) IT examination handbook. We have utilized RSM McGladery to audit our company operations since 2008, providing customers with results from Information Security Audit, Penetration Test, Internal Control, Service Organization Control and a Financial Compilation to comply with Gramm-Leach-Bliley Act (GLBA) requirements.

Due to the nature of this content, please contact Banno for our TSP Due Diligence Packet. Banno is not PCI-DSS (Payment Card Industry Data Security Standard) compliant because we do not store any cardholder data nor do we process, store or transmit cardholder data. Although some institutions use the card number as a username, our system never holds the relevant data (name on card, billing address, CCV number, expiration data) that would allow a card to be used in a purchase.

Grip is hosted on the most secure, compliant servers available to Internet and mobile banking. Our U.S.-based, world-class, Tier-3 data centers are N+1 redundant, enabling us to provide maintenance to the infrastructure and handle hardware outages without any degradation to performance. RSM McGladery has audited our company operations since 2008, providing customers with results from Information Security Audit, Penetration Test, Internal Control and a Financial Compilation to comply with Gramm-Leach-Bliley Act (GLBA) requirements.

You may also view our security white paper, 7 Tips to Keep Financial Apps Safe & Secure to better understand the measures we take in securing our apps.

Banno’s aggregation engine is able to extract the photo in question and send it back to the phone for user interaction. The user types the name or description of the image or the text designated in the captcha and submits the text back to our platform. If the user enters the wrong data we will allow one retry before requiring the user to re-enter their authentication credentials.

When the user first accesses the application they will be required to fully authenticate into online banking. The user is then required to setup a pin code. With a four digit pin, the user can see overall cash balance, and upcoming bills. If a user were to enter the wrong pin code three times, all data on the device is removed and the user will be required to re-authenticate into online banking. In order to move money (bill pay or A2A) the user will be required to answer a challenge phrase completing multifactor authentication.

When the app is launched it connects to your Internet banking website (through the Internet) and securely logs in with the user's credentials. These are the same credentials they use on your website. They are also the same credentials the user provides on initial app setup.

As the user enters their passcode to use the app, the app logs into Internet banking, pulls down the latest balance updates and displays that information back on the dashboard of the app. The app then looks at transactions and streams that data back to the transactions screen of the app. This all happens quickly and securely.

If the user is aggregating other accounts from external institutions, the same process takes place for each account. This action works in parallel so all the data from each account can be streamed back to the app simultaneously.

In other words, the app is simply logging in to each Internet banking site on behalf of the user, gathering the user's data and displaying that data back inside the app.

Securing a service such as ours requires deep technical expertise and execution as well as operational compliance and stringent process controls. From a purely technical perspective there is no additional risk introduced to existing access to financial institutions online banking system. However, risk is introduced by adding a mobile device to the equation. We believe the best defense is a layered defense. From the beginning we have employed a layered security approach in our architecture and it starts with the device.

All data on the device is encrypted. We use OAuth 2.0, so we do not store usernames or passwords on the device. All data exchanged from the device goes out over an encrypted connection (SSL) using the OAuth encrypted token to authenticate with our services layer. Our services layer employs a layered approach as well so all requests get routed over encrypted channels through multiple, layered DMZs where ultimately account data is encrypted at the hardware level.

When our system encounters a question that it doesn't know the answer to it will prompt the user for the answer and verify it in online banking. Once our system has answers to the questions, these questions are suppressed when accessing online banking for Grip. Upon signup, during the first several uses, our system will collect the answers for each question as we encounter them.

Financial institutions are responsible for the customer’s account information (username, password, account details). Banno will support all of the application setup and any ongoing technical app-related questions.

Customer service demands should not increase from your current Internet banking needs.

Your institution will have direct access to the Banno technical support team, as will the consumer for app-related technical issues.

The user will be alerted through the app that their password is invalid. The user will be instructed to reset their password through Internet Banking. Once their password is updated in Internet Banking, the user can fix their password in the app and return to normal use.

Banno will make your app available to selected individuals within your institution and train them on features and functionality. This app is very intuitive and requires minimal training. Our how-to videos, training content and FAQs will also be available for use on your institution’s website.

Grip is a native mobile app providing users with secure single sign on, while avoiding the need to log in to several different sites just to obtain a thorough financial picture. Through your fully branded app, your financial institution empowers users to aggregate all of their financial accounts. Grip gives users complete, up-to-the-minute access to their top mobile demands: balance updates, transaction records, bill pay, branch and location information, account-to-account funds transfers, and more.

Your branded app will be available for download through the Apple App Store and Google Play.

To schedule a full demo of Grip contact us .

Contact a Banno account executive to learn about our most recent deployments and latest mobile research.

Contact a Banno account executive. They can explain the full details of the Grip contract.

Currently, we have no plans to increase the cost of Grip. We will continue to add selected features on an ongoing basis.

Contact a Banno account executive. They can explain the full details of the Grip contract.

Financial institutions will have access to an admin dashboard which displays baseline analytics for usage and billing.

No. According to the contract, this is not allowed. Although the app is “purchased” through an app store, there will be no fee associated with it.

Typically, we can have a financial institution up and running with Grip within five weeks. However, this timeline is dependent on the financial institution’s ability to fulfill each requirement of our on-boarding process. After your app is live in the app store, we recommend a soft launch with a select group of employees at your institution prior to a full release to the public.

The app will be published by your financial institution with your name.

Banno provides a complete, easy-to-understand on-boarding packet that explains this process. Our team will be available every step of the way to walk through any questions you may have.

Banno will make your app available to selected individuals within your institution and train them on features and functionality. This app is very intuitive and requires minimal training. Our how-to videos, user guide and FAQs will also be available for use on your institution’s website.

Each financial institution is responsible for promoting the app among its Internet banking consumers. Banno will provide the content necessary to support your advertising and marketing endeavors.

Financial institutions can send messages to the dashboard of the app. This area is formatted as HTML and can include text, images and links.

Yes. The cost for Google Play is $25 as a one time fee. Apple cost $99 per year. These fees are charged directly to your institution because the apps will be submitted under your developer account.