Business Online Banking Dual Authorization FAQs
- What is Dual Authorization?
- How does a customer sign up for Dual Authorization?
- What types of Transactions can be covered by Dual Auth?
- Is Dual Auth required?
- Does Dual Auth cost anything?
- How does it work?
- How does an Approver know there are transactions that require approval?
- Can the initiating user’s credentials be used to approve the same transactions?
- Does an Approver also have to be a Company System Administrator (CSA)?
- How is Dual Authorization different than Enhanced Account Protection (EAP)?
- Can a customer have more than two approvers?
- How does Dual Auth work in Mobile Banking?
- How does the company change which users have the ability to approve transactions?
- Is there a dollar limit for dual authorization?
- When the service is enabled, how will the client know that it has been turned on and that "Approver" designation can be assigned?
- Is there any option to pick and choose which accounts would require Dual Authorization?
- Is Dual Authorization enabled in the Branch Enrollment Tool?
- What happens if a CSA deletes the only other user with Approver status?
- Can a customer opt out of Dual Authorization if they decide it’s not working for them?
Dual Authorization (Dual Auth) is an internal security tool that allows small business banking customers to require certain types of activities and transactions to have a second user's credentials approve a submitted transaction.
The enrollment form is available on the internet for download and on the banks website for branches. The customer will receive an email notification that the service has been set up.
- Internal Transfers
- Transfers to a Friend account
- Stop Payments
- ACH Direct Deposits (when enrolled)
- ACH Tax Payments (when enrolled)
- Online Wire Payments (when enrolled)
- User Entitlements (Requires at least 2 Company System Administrators (CSA's))
*Note – Dual Authorization is NOT available for Billpay transactions at this time.
Use of certain features may require use of Dual Auth or other security features such as Enhanced Account Protection. At this time, only enrollment in Online Wires requires the use of either one of these two security features.
No – this feature has no cost. However, certain products and features that may have costs or fees associated with them may require the use of Dual Auth or other security features such as Enhanced Account Protection.
With Dual Auth turned on, selected types of requested transactions or activities won't be executed or take effect until a second user's credentials are used to approve the item. The second user must be designated as an "Approver."
For example, User A creates a transfer request between two accounts. User B (previously designated as an Approver) would then log into Online Banking, and go to the Transfer Center. The transfer created by User A would show as "Pending Add Approval". User B can then select that transfer request, and then either Approve or Deny the transfer request according to their business policies.
Users can set up Alerts inside Online Banking (Home/Alerts & Messages/Manage Account Alerts) so they will receive an email when a transaction requires approval or has expired without approval:
When logging in to Online Banking, the Info Center on the My Bank page will display any pending approvals.
By default the Info Center is collapsed:
Clicking on the down arrow on the right side expands the Info Center:
Clicking on one of the links above will direct the user to the appropriate screen to select the transaction for review and approval.
Direct communication between the user that created the transaction and an Approver.
No – an approver's credentials cannot be those of the person that created or modified the transaction. It's best to have at least two users designated as having approval authority.
For most types of approvals, an Approver does not have to be a CSA. However, companies that choose to use Dual Auth for User Entitlements must have at least two (2) CSA's, since any User Entitlement change must be executed by one CSA and then approved with a different CSA's credentials.
Both are internal security controls for your online banking activities.
- By its nature, Dual Authorization requires at least two users, and gives the additional control where transactions submitted by one user's credentials must be approved with a second user's credentials.
- EAP, on the other hand, can be used by single-user companies as well as multi-user companies. EAP provides a text message code to your phone which you must enter into online banking to complete the requested transaction. If someone other than you tries to use your credentials to create transactions, your phone will receive the text message with the code. Also, fraudulent users can't change your telephone number without you being sent a code to alert you if someone is attempting fraud on your accounts.
Companies can have as many approvers as desired. On a per transaction basis, we are supporting only the requirement for one approver per transaction at this time. We may support multiple approvers per transaction in the future.
Transactions can be created in Mobile Banking under services that use Dual Authorization, such as Internal Transfers, Transfers to a Friend, and External Transfers; however, approvals for those transactions would need to be made by an Approver logging into the Online Banking application. There is no support for transaction approval to be given through Mobile Banking at this time.
A Company System Administrator (CSA) can grant or remove the Approver designation for any user within Online Banking, by accessing the Admin tab on the main menu. By clicking on the user name, the CSA can then check or uncheck the Approver flag as desired. If Dual Auth is also turned on for User Administration, any changes to a user profile must then be approved by a second CSA's credentials.
There is no dollar limit associated with dual authorization. Some features such as ACH and Online Wires may have dollar limits associated to them regardless of whether Dual Auth is used or not.
When the service is enabled, how will the client know that it has been turned on and that "Approver" designation can be assigned?
Initial enrollment will include identification of the Approvers; the operations team responsible for setting up the Dual Auth feature will advise the company by email that the service has been turned on.
No. Dual Authorization can only be set up by feature (Internal Transfers, Transfers to a Friend, ACH Payroll, etc.) not by account.
Not at this time. Enrollment will be completed through online/paper forms. An evaluation of whether to add the options within the BET enrollment process will be made after we've developed some history with a wider use of the feature.
Unfortunately, this can happen, and there is no warning advising the CSA that removal of the only other Approver would result in transactions that could not be approved and therefore would never get executed. The transactions would continue to show as requiring approval; this would alert the CSA that there are outstanding approvals. To remedy the situation, the CSA could give another user Approval status, or create a new user with Approval status; otherwise the CSA would need to contact the bank or the Customer Contact Center for assistance.
Yes. They would need to contact the bank or Customer Contact Center to have the feature disabled. The customer could also send a Secure Message inside Online Banking to request disabling of the Dual Auth feature. If they are enrolled in Online Wires, they would need to begin using Enhanced Account Protection instead.