Digital Token Best Practices

Vertifi Software, LLC provides the administrative system and secure access to the system for the Mobile Remote Deposit Capture program. Vertifi requires the use of a digital token in order to perform several types of transactions. Intuit has issued this token to you, because you have been authorized to perform activity on behalf of your Financial Institution.

1. What is a Digital Token?

In general, a digital token is a small handheld device given to a specific user to prove his or her identity. Without the correct token, that user will be unable to access any system that requires its use.

The Safeword eToken PASS (pictured below) is a compact, easy-to-use digital token that provides one-time dynamic passwords on a liquid-crystal display (LCD) screen with the push of a single button. For security purposes, when not in use, the token turns off automatically after 60 seconds. Safeword tokens use high-performance batteries with an average life of more than five years.

A digital token should be utilized by only the individual user to whom it has been issued.

Each Safeword token can generate millions of unique password codes that can only be authenticated by the Token Security Server at Vertifi. A unique token serial number on the back of each token links the physical token to a specific user and role-based authorization privileges.

When a user provides a token-generated password, the Token Security Server will authenticate the password, ensuring that the individual is authorized to perform the transaction.

2. How to Use a Digital Token

When accessing online content that requires token authentication, you will be required to supply a PIN and a token-generated password. You will receive the PIN under separate cover.

When prompted to provide a token password, press the button on the front of the token. A six (6)-digit value will appear in the display area of the token. This is the token-generated password you need to provide.

Passwords appear on the token display screen for a 60-second period, after which time the display screen turns off and the password expires. If you press the button without successfully completing a transaction with that password, press the button again to obtain the next sequential password.

In the event that you skip a password or several passwords, the Token Security Server allows a window of acceptable future passwords. This window is set to 16 events. Events are defined as password generations/button presses. Any password within the 16-event window can be used successfully, and with each successful event, the Token Security Server is resynchronized with your token.
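The look-ahead window and resynchronization described above can be sketched as follows. This is an added example, not Vertifi's or the token vendor's code: the page does not name the token's algorithm, so the sketch assumes the public HOTP scheme (RFC 4226), uses the RFC's published test secret, and the `TokenServer` class is hypothetical.

```python
import hashlib
import hmac
import struct

DIGITS = 6    # six-digit password, as stated on the page
WINDOW = 16   # look-ahead window of 16 events, as stated on the page


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP (assumed algorithm): one password per button press."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenServer:
    """Hypothetical server-side state for one token."""

    def __init__(self, secret: bytes, counter: int = 0, window: int = WINDOW):
        self.secret = secret
        self.counter = counter    # next event the server expects
        self.window = window

    def verify(self, submitted: str) -> bool:
        # Accept any password among the next `window` events.
        for event in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, event), submitted):
                # Resynchronize: this password and every skipped one
                # before it can never be accepted again.
                self.counter = event + 1
                return True
        return False              # unknown, replayed, or outside the window


if __name__ == "__main__":
    secret = b"12345678901234567890"             # RFC 4226 test secret
    server = TokenServer(secret)
    presses = [hotp(secret, n) for n in range(4)]  # user pressed four times
    print("4th press accepted:", server.verify(presses[3]))
    print("server now expects event", server.counter)
    print("same password replayed:", server.verify(presses[3]))
    print("skipped 2nd press:", server.verify(presses[1]))
```

With a 16-event window, 16 of the 1,000,000 possible six-digit values are acceptable at any moment, which is one reason the PIN is required alongside the token password.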

3. Physical Storage & Security

Digital tokens should be safeguarded at all times by you and your financial institution. You should know the location of your token at all times, and should take all reasonable measures to prevent its loss, theft or unauthorized use.

You should understand the potential risks involved if an unauthorized individual accesses your token. For example, if you lose your token, anyone who finds your token and learns your PIN can perform transactions using your name and user authority. The token is unique to the individual user, and under all conditions is to be used only by that user.

When the token is not in use, you should keep your digital token in a safe location, physically unavailable to unauthorized users, based on the policies of your financial institution.

Any loss, theft or unauthorized use of a digital token should be immediately reported to Intuit.

4. Employee Terminations or Transfers

If you change or leave your job, based on your Financial Institution’s policies, you should turn in your digital token to a Local Security Administrator, who will delete your user profile and disable the token.

July 2011

© 2011 Vertifi. This document contains information that is confidential and/or proprietary to Vertifi.