Security

Engagement exports help you know who, when, and how often end users sign-in to your app or enroll in digital banking.

Potentially compromised

Know when an end user’s account might have been compromised by downloading the Potentially compromised report. If credential stuffing was detected, this report displays end user information where a username and password were successfully entered, but completing 2FA to log in was unsuccessful—likely due to inaccessibility to the end user’s device that received the 2FA code.

Unverified 2FA

Know when an end user’s account might have been compromised by downloading the Unverified 2FA report. If an institution requires end users to enroll in 2FA using a phone number matching core, this reports displays end user information when they submit a phone number that doesn’t match core. When an end user hasn’t enrolled in 2FA before and is prompted to, entering a mismatched phone number to receive a 2FA code can occur in one of the following scenarios:


• Account enrollment
• Account login
• Account recovery

What do the exported fields mean?

Based on the export selected and data available, several of the following fields are shown in the report. In alphabetical order, the possible fields for Security reports include:[^2]

Auth Method

This field is no longer used and will be removed from the report with the next release.

Challenge type

After the end user successfully entered their username and password, they were prompted to complete one of the following challenges before logging in to the app: verify 2FA (most common challenge type), set up security questions, change username, change password, or no challenge was given and the user was allowed to login.

CIF #

The Customer Information File (CIF) number, Epysis account number, or Epysis member number displays. This field does not apply to credit union customers and displays as an empty value.[^3]

Default Delivery Method

This field is no longer used and will be removed from the report with the next release.

Device ID

An identification number generated by Banno to tag the device used for login.

E-mail

The email address associated with the username and password used for attempting login(s).

Enrollment Email

This field is no longer used and will be removed from the report with the next release.

Enrollment Phone

The phone number the end user used to enroll for 2FA.

IP

A series of numbers identifying the network IP address of the end user or attacker that attempted logging in.

Login timestamp

The date and time in which the username and password were successfully entered.

Netteller ID

An end user’s assigned digital banking ID for NetTeller associated with the username and password used for attempting login(s). [^3] The formatting of this field varies depending on the program used to view the CSV. If the field does not appear correctly, or if it shows the same NetTeller ID for each end user, try increasing the column width or changing the column format to number and making sure the number of decimal places is set to zero. Not every institution has NetTeller IDs assigned to end users, because some institutions migrated to Jack Henry without ever using NetTeller. Other institutions transitioned away from not using NetTeller, so end users may or may not have an ID. If this field is not applicable (empty) for all end users in the export, the column doesn’t display.

Phone

The phone number in the core associated with the username used for attempting login(s).

Rate limited count

The number of times an end user attempted to login with the username and password from the IP address. The higher the number, the more likely credential stuffing occurred.

Timestamp

The time and date the username and password were successfully entered.

User ID

The Banno ID associated with the end user’s username and password used for attempted login(s).

Username

An end user’s digital banking username used for attempted login(s).

FAQ