Business Online Banking Dual Authorization FAQs


What is Dual Authorization?

Dual Authorization (Dual Auth) is an internal security tool that allows small business banking customers to require certain types of activities and transactions to have a second user's credentials approve a submitted transaction.

Back to top

How does a customer sign up for Dual Authorization?

The enrollment form is available on the internet for download and on the banks website for branches. The customer will receive an email notification that the service has been set up.

Back to top

What types of Transactions can be covered by Dual Auth?

  • Internal Transfers
  • Transfers to a Friend account
  • Stop Payments
  • ACH Direct Deposits (when enrolled)
  • ACH Tax Payments (when enrolled)
  • Online Wire Payments (when enrolled)
  • User Entitlements (Requires at least 2 Company System Administrators (CSA's))
    *Note – Dual Authorization is NOT available for Billpay transactions at this time.

Back to top

Is Dual Auth required?

Use of certain features may require use of Dual Auth or other security features such as Enhanced Account Protection. At this time, only enrollment in Online Wires requires the use of either one of these two security features.

Back to top

Does Dual Auth cost anything?

No – this feature has no cost. However, certain products and features that may have costs or fees associated with them may require the use of Dual Auth or other security features such as Enhanced Account Protection.

Back to top

How does it work?

With Dual Auth turned on, selected types of requested transactions or activities won't be executed or take effect until a second user's credentials are used to approve the item. The second user must be designated as an "Approver."

For example, User A creates a transfer request between two accounts. User B (previously designated as an Approver) would then log into Online Banking, and go to the Transfer Center. The transfer created by User A would show as "Pending Add Approval". User B can then select that transfer request, and then either Approve or Deny the transfer request according to their business policies.

Back to top

How does an Approver know there are transactions that require approval?

Users can set up Alerts inside Online Banking (Home/Alerts & Messages/Manage Account Alerts) so they will receive an email when a transaction requires approval or has expired without approval:

Screenshot of how to set up Alerts inside Online Banking

When logging in to Online Banking, the Info Center on the My Bank page will display any pending approvals.

By default the Info Center is collapsed:

Screenshot of Info Center collapsed

Clicking on the down arrow on the right side expands the Info Center:

Screenshot of Info Center expanded

Clicking on one of the links above will direct the user to the appropriate screen to select the transaction for review and approval.

Direct communication between the user that created the transaction and an Approver.

Back to top

Can the initiating user's credentials be used to approve the same transactions?

No – an approver's credentials cannot be those of the person that created or modified the transaction. It's best to have at least two users designated as having approval authority.

Back to top

Does an Approver also have to be a Company System Administrator (CSA)?

For most types of approvals, an Approver does not have to be a CSA. However, companies that choose to use Dual Auth for User Entitlements must have at least two (2) CSA's, since any User Entitlement change must be executed by one CSA and then approved with a different CSA's credentials.

Back to top

How is Dual Authorization different than Enhanced Account Protection (EAP)?

Both are internal security controls for your online banking activities.

  • By its nature, Dual Authorization requires at least two users, and gives the additional control where transactions submitted by one user's credentials must be approved with a second user's credentials.
  • EAP, on the other hand, can be used by single-user companies as well as multi-user companies. EAP provides a text message code to your phone which you must enter into online banking to complete the requested transaction. If someone other than you tries to use your credentials to create transactions, your phone will receive the text message with the code. Also, fraudulent users can't change your telephone number without you being sent a code to alert you if someone is attempting fraud on your accounts.

Back to top

Can a customer have more than two approvers?

Companies can have as many approvers as desired. On a per transaction basis, we are supporting only the requirement for one approver per transaction at this time. We may support multiple approvers per transaction in the future.

Back to top

How does Dual Auth work in Mobile Banking?

Transactions can be created in Mobile Banking under services that use Dual Authorization, such as Internal Transfers, Transfers to a Friend, and External Transfers; however, approvals for those transactions would need to be made by an Approver logging into the Online Banking application. There is no support for transaction approval to be given through Mobile Banking at this time.

Back to top

How does the company change which users have the ability to approve transactions?

A Company System Administrator (CSA) can grant or remove the Approver designation for any user within Online Banking, by accessing the Admin tab on the main menu. By clicking on the user name, the CSA can then check or uncheck the Approver flag as desired. If Dual Auth is also turned on for User Administration, any changes to a user profile must then be approved by a second CSA's credentials.

Back to top

Is there a dollar limit for dual authorization?

There is no dollar limit associated with dual authorization. Some features such as ACH and Online Wires may have dollar limits associated to them regardless of whether Dual Auth is used or not.

Back to top

When the service is enabled, how will the client know that it has been turned on and that "Approver" designation can be assigned?

Initial enrollment will include identification of the Approvers; the operations team responsible for setting up the Dual Auth feature will advise the company by email that the service has been turned on.

Back to top

Is there any option to pick and choose which accounts would require Dual Authorization?

No. Dual Authorization can only be set up by feature (Internal Transfers, Transfers to a Friend, ACH Payroll, etc.) not by account.

Back to top

Is Dual Authorization enabled in the Branch Enrollment Tool?

Not at this time. Enrollment will be completed through online/paper forms. An evaluation of whether to add the options within the BET enrollment process will be made after we've developed some history with a wider use of the feature.

Back to top

What happens if a CSA deletes the only other user with Approver status?

Unfortunately, this can happen, and there is no warning advising the CSA that removal of the only other Approver would result in transactions that could not be approved and therefore would never get executed. The transactions would continue to show as requiring approval; this would alert the CSA that there are outstanding approvals. To remedy the situation, the CSA could give another user Approval status, or create a new user with Approval status; otherwise the CSA would need to contact the bank or the Customer Contact Center for assistance.

Back to top

Can a customer opt out of Dual Authorization if they decide it's not working for them?

Yes. They would need to contact the bank or Customer Contact Center to have the feature disabled. The customer could also send a Secure Message inside Online Banking to request disabling of the Dual Auth feature. If they are enrolled in Online Wires, they would need to begin using Enhanced Account Protection instead.

Back to top

Download the PDF version