Frequently Asked Questions (FAQs)
1. What happens if I delete the persistent cookie by deleting cookies/clears cache. Will it be written again at the next login and the customer prompted to accept it again if their browser is set to prompt?
• If the user deletes his cookies, a new cookie with a new machine value will be added once he has successfully authenticated.
• If the user has the setting to prompt for cookies they will be prompted every time a new cookie is created.
2. What does the message look like when accepting a cookie?
• The verbiage of the message is the same one they receive today for the required session cookies within NetTeller. Below is an example from Internet Explorer.
3. What information is stored in the persistent cookies? What if the cookie is copied and placed on another computer? Is the cookie encrypted?
• The cookie is a hashed value that is created by the Banks’ core system administrator. The value includes several things used to protect your identity and account information.
• The cookie cannot be placed on another computer.
• The cookie is encrypted.
4. What is the benefit of using a persistent cookie, how does it impact RSA?
• The persistent cookie is a unique cookie that does not change between user sessions, commonly used to save preferences of a user to ease navigation. RSA uses it for positive device tagging. This way the user and the cookie are associated with a profile. As long as the user is coming from the same cookie, then the system is more trusted. If the user has succeeded in passing a challenge then the trust is even greater. If the user fails authentication or is marked as fraud confirmed this will help in future transactions.
5. Can my user’s cookie be used by a hacker / fraudster?
• Cookie interception through the use of malware or Trojans that have been installed onto a user’s PC can occur. In those scenarios, the cookie is one of many pieces of data that the fraudster can access including ID and password information through a keystroke program.
• The capturing of cookies is not a complete guarantee against fraud but it is a strong deterrent. Therefore it is important to remember to consider multiple layers of protection.
• Cookies that are passed to RSA from NetTeller are encrypted to ensure that data can’t be captured from the cookie should a user’s PC become compromised.