Resource Center

One Time Passcode Provides Another Layer of Protection against Cyber Fraud

Every day, fraudsters around the world target companies like yours, using the Internet in various ingenious ways, aiming to hijack your financial transactions and empty your bank accounts. Cyber crime is organized, growing and responsible for millions of dollars in business losses. So how do you protect your company?

Unfortunately, there is no single solution that provides 100% protection against cyber fraud. There is no magic bullet that will promise to effectively defend against account takeovers, business email compromise scams, malware, identity theft and various forms of online payments fraud. However, by applying an array of solutions — creating multiple layers of security — you can give your company a fighting chance to thwart the fraudsters.

At Fifth Third Bank, we are committed to the safekeeping of your sensitive financial information and believe strongly in the power of layered cyber security. That’s why we’re introducing a new layer to protect you — a One Time Passcode.

Another form of authentication

The One Time Passcode is an added layer of protection for clients who initiate payments — including wire transfers and Automated Clearing House (ACH) payments — using the Fifth Third Direct online account management portal.

The new passcode is a form of authentication, meaning it’s another way for the bank to confirm that someone initiating an online payment through Fifth Third Direct is who they say they are — and not some fraudster engaged in unauthorized activity.

Once the new security feature is fully implemented in the coming months, every transaction through Fifth Third Direct will be evaluated based on risk factors such as dollar amount, IP address, country of origin, and destination country. These factors will be compared to the user’s past payment history and the transaction will be given a risk score. Abnormal transactions eclipsing a certain risk score will trigger a request from the bank — through a pop-up message — for the user to provide a One Time Passcode to further confirm their identity.

Users receiving this online challenge will be given the choice to receive a six-digit passcode via a text message to their cell phone — or to use, as their passcode, the current number on a physical token they carry. They must enter the passcode into their Fifth Third Direct payment screen to complete the transaction.

A complement to existing protections

Today, all clients receive unique user credentials and an RSA GoID token for authentication purposes to help securely manage online payment entitlements. The bank also offers optional dual control administration, which requires two separate users to process financial transactions: one to originate and one to approve.

To combat malware, clients can use Trusteer Rapport, a no-cost downloadable security software plug-in, which complements anti-virus and other security tools.

If a fraudster is somehow able to compromise all of these security defenses, the One Time Passcode acts as additional layer of protection between the fraudster and your company’s funds.

Update your account profile

To achieve the maximum benefit of this new layer of security, users must keep their phone number and all contact information updated on Fifth Third Direct. To do so, log in and navigate to the User Profile page by either clicking the “Welcome” message in the top left-hand corner of the screen, or by going to the Administration Tab -> User Profile.

Security is an ongoing partnership between Fifth Third Bank and our customers. If you have any questions or comments regarding the new One Time Passcode, please contact your relationship manager.