High-risk actions

A user can do a lot with Banno Apps and Banno Enterprise, but not all actions are created equal. Some actions are more risky than others, such as transfers to an external institution. For instances that could compromise the security of your users’ accounts, Banno apps require an extra level of authentication. We call these actions “high-risk actions.” Want to know what actions are included and how it works? Read on.

High-risk authentication

When Banno Apps and Enterprise detect a high-risk action, the user is prompted with the challenge configured by the financial institution and must complete it before continuing the high-risk action. After a high-risk action is completed, an email is sent to the email address on file for the account.

Index of high-risk actions


Banno apps maintain a balance to ensure high-risk actions include significant actions, but aren't so prevalent that they frustrate the end user. It can be hard to keep track of which actions are high-risk, so we've compiled a list below.

All users

  • Change password
  • Change username

Banno Mobile/Online only

  • Edit username
  • Edit user address (Credit unions only; when selected for banks, this starts a Conversation)
  • Edit user email
  • Edit user phone number
  • Reset 2FA
  • Remove device
    Note: Enforced as a high-risk action on Banno Online™ as of June 2024 and on Banno Mobile™ beginning with version 3.14, which is currently slated for release by mid-July.
  • Add an external or aggregated account
  • Add Bill Pay payee
  • Update Bill Pay payee
  • Add an external transfer account
  • Access the iPay SSO
  • External transfer over a given amount, if configured
  • Enroll in Symantec
  • Zelle
    • Payments to a first time contact
    • Accept a request for payment
    • Create a contact
    • Add a recipient

Enterprise only

  • Change 2FA settings, including reset for a user
  • Manage security settings

Banno Business only

  • Create new business users
  • Initiate ACH batches
  • Initiate wires
  • Update business phone number
  • Update business email address

High-risk actions on a new device

Within the Security section of Banno People (only available to users with the Manage security settings permission), there are three choices for handling high-risk actions on a new device:

Allow all high-risk actions on new devices
With this option selected, no additional security is added to performing a high-risk action on a new device. So long as the user has the means to pass the high-risk challenge, they can perform all actions immediately on a new device.

Waitlist new devices from high-risk actions for 7 days
With this option selected, new devices are prevented from performing high-risk actions, provided the end user has another device that has been registered for over 30 days. These devices are prevented from performing these actions for 7 days, or until the end user contacts your financial institution and requests that the device be manually unblocked. This does not prevent net-new users from performing high-risk actions on their devices.

Block high-risk actions on all devices
With this option selected, all high-risk actions are blocked indefinitely for new devices. A new device can only be unblocked by contacting your financial institution. This option includes a date selector, with the current date selected by default; the selected date is the date after which all newly enrolled devices will be blocked. This is best used when an intrusion attempt occurred several days prior, allowing your financial institution to block all devices enrolled after a certain date.

Unblocking high-risk actions

Blocked devices can be unblocked via the end user’s profile in Banno People. When an end user has a blocked device, an alert displays at the top of their profile notifying you that the user has devices blocked from completing high-risk actions.
You can access their devices by clicking the button on the notification or via the security tab. Each blocked device has a subscript notifying you that the device is blocked, alongside a link to allow the device.

High-risk action FAQ


How long are users considered high-risk authenticated?
Once a user completes a high-risk authentication, including during login, they will not have to re-authenticate for high-risk actions for the next 5 minutes.
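
The new-device options and the 5-minute window described above can be modeled as a single decision, shown here as an added example that is not Banno code. The policy names, the Device fields, and the rule that a device block takes precedence over a recent high-risk authentication are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Durations stated on this page
WAITLIST = timedelta(days=7)        # waitlist period for a new device
ESTABLISHED = timedelta(days=30)    # "registered for over 30 days"
AUTH_WINDOW = timedelta(minutes=5)  # lifetime of a high-risk authentication
POLICIES = {"allow_all", "waitlist_7_days", "block_new"}  # hypothetical names

@dataclass
class Device:
    enrolled_at: datetime
    manually_allowed: bool = False  # staff allowed the device in the user's profile

def device_blocked(policy, device, other_devices, now, block_after=None):
    """True if the new-device policy stops high-risk actions on this device."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    if policy == "allow_all" or device.manually_allowed:
        return False
    if policy == "waitlist_7_days":
        is_new = now - device.enrolled_at < WAITLIST
        # Net-new users have no established device, so they are not waitlisted.
        has_established = any(now - d.enrolled_at > ESTABLISHED for d in other_devices)
        return is_new and has_established
    if block_after is None:
        raise ValueError("block_new needs the date chosen in the date selector")
    # Devices enrolled after the selected date stay blocked until manually allowed.
    return device.enrolled_at > block_after

def decide(policy, device, other_devices, now, last_high_risk_auth=None, block_after=None):
    """Return 'blocked', 'challenge' or 'allow' for a high-risk action."""
    if device_blocked(policy, device, other_devices, now, block_after):
        return "blocked"  # assumption: a block outranks a recent authentication
    if last_high_risk_auth is not None:
        if timedelta(0) <= now - last_high_risk_auth < AUTH_WINDOW:
            return "allow"  # still inside the 5-minute window
    return "challenge"

if __name__ == "__main__":
    # Constructed sample data, not taken from any real account
    now = datetime(2024, 7, 1, 12, 0)
    old = Device(enrolled_at=datetime(2024, 1, 1))
    new = Device(enrolled_at=datetime(2024, 6, 29))
    print(decide("waitlist_7_days", new, [old], now))
    print(decide("block_new", old, [new], now, now - timedelta(minutes=2),
                 block_after=datetime(2024, 6, 25)))
```
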