Security
multi-layer defense
Fraud is top of mind for financial institutions everywhere, as it should be. Jack Henry knows the risk, and we spare no effort mitigating it.
Next-Level Protection
safeguarding fast money movement
In keeping with modern security standards, Banno requires two-factor authentication (2FA) for all users. Built-in Mastercard NuDetect analyzes user behavior, throwing red flags for account entry attempts that could be fraud. And we're doing away with screen scraping by establishing direct API connection with leading data aggregators – this preserves the ability for your accountholders to pass only the information necessary to get the most out of other fintech and encrypting it along the way.
Two-Factor Authentication
meeting the gold standard
2FA has become the gold standard for account login. Banno requires it for all users to neutralize risks associated with compromised passwords, which can be easily purchased on the dark web. And the Banno 2FA options are so easy – for valid users – to pass that they hardly notice it's happening.
double-check identity
Banno platform users must validate login attempts outside the app before they gain access to their account. 2FA is effective, because it asks users to produce something they are or something they have in addition to a username and password that – many times – can be purchased on the black market.
2FA can be achieved on Banno via several options:
One-time passcodes
- SMS text messages
- Voice calls
- Push notifications
- Authenticator apps
- Hard and soft tokens
Security keys (FIDO)
A small, highly secure physical key that, when plugged into a device, serves as an uncompromisable second factor of authentication, ensuring that only users with the key can proceed with login.
Passkeys (Biometric access)
An all-in-one solution that achieves 2FA in a single step because the device being used serves as something the user, has the face or touch ID serves as something they are.
While security keys are the most secure 2FA option (and our number one recommendation for every business user), passkeys with biometric access are loved by users because it puts 2FA into a single step, and there is no threat of losing it – and Banno offers it. Their face or fingerprint is scanned by the device and verifies their identity. All they have to do is be themselves.
Authenticated Conversations
remove barriers to service
Your financial institution's goals around being there for your accountholders whenever and wherever they need you are met by making “omni-channel” seamless. But most means of digital communication are not secure.
2FA means your accountholders are fully authenticated when they're using Banno, which makes Conversations, our secure chat, a safe place for them to talk about account details, sign forms, and even initiate wires without having to drive to a branch. Your business users can even chat with their teammates in this secure channel and make approvals, leaving no room for email phishing fraud.
This seamless authentication promotes a continuous conversation between you and your accountholders, and it's woven seamlessly throughout the banking experience you provide.
NuDetect by Mastercard
automating fraud detection
Jack Henry is fully aware that digital banking account entry is a treasure storehouse for fraudsters. In fact, the Banno platform sees 1,800 invalid logins for every 15 valid logins – per second.
Stop account takeovers
There are three major digital banking events that are attractive to fraudsters for account entry points: account login, account enrollment, and account recovery.
Jack Henry has joined forces with NuDetect by Mastercard to help you leverage user data analytics to define normal, legitimate behavior associated with account entry at your financial institution. Because when your system knows exactly what legitimate behavior looks like, it can identify and block anomalies in a second.
Data Aggregation
sharing only the right information
Behavior follows desire. And users want account connection between their financial apps. That's why screen scraping has become so common from services like Plaid. The practice of screen scraping by third-party fintechs solved a desire held by accountholders: a way to consolidate specific financial information from all of their accounts for easier money management. But the practice of screen scraping means handing over your login credentials to a third-party and allowing them to log in on a user's behalf, with no user control over which information is shared. Sound preposterous? It is. And Jack Henry solves this in a better way.
forget screen scraping
The CFPB is proposing new regulation around screen scraping, and many in the industry are hoping for more time to be able to meet new requirements. Jack Henry has known screen scraping to be a security threat for a long time, so we didn't wait for regulation to do the right thing and get started solving the problem.
Jack Henry has done the hard work to build partnerships on your behalf with all of the major data exchange platforms – Akoya, Finicity, Intuit, MX, Plaid, Stripe, and Yodlee – and we're completely replacing in-bound screen-scraping with direct API connection to easily and securely share only relevant data from user accounts to share with third-party fintechs of the user's choice.
Events
digital security meetup
Ready to learn more about digital security in an engaging and interactive session? Join our Head of Engineering, Chad Killingsworth, on a quarterly call as he discusses all things security-related for our digital banking platform.