Security - FAQ's

Authentication is the process of reasonably verifying that you are who you say you are. For online systems this is typically accomplished via the use of a unique identifier, often your email address, and one or more additional items that provide further assurance of the identity you assert as being yours.

Multi-factor authentication (MFA) is a method for helping to keep online accounts more secure by enforcing the use of two of these types of “factors”:

1. Something you know (like your password)
2. Something you have (like your mobile phone)
3. Something you are (like your fingerprint)

Multi-factor authentication is a common and recommended practice for protecting important accounts such as those associated with financial services. MFA strengthens an account’s security because the second factor acts as an additional “gate.” This extra gate helps your account security by reasonably verifying that you are who you say you are after you submit your correct email address and login password.

No. Some mobile devices offer biometric login, which uses a physical characteristic belonging only to you (like your fingerprint or your face) to log you into your phone and into specific Apps you authorize. Biometric login is a convenient and safe way to log in, but it’s still only acting as a single “factor” to access your account and can only protect you if you’re using that same device where you have enabled a biometric login. Even if you use something like Face ID on your mobile device, it’s still important to set up a second factor as an added layer of protection. The second factor helps protect your account in case someone other than you tries to access your account, or if you want to access your account from multiple devices.

Yes! You can receive login verification codes as your second factor authentication method through text, or email. To manage these options, visit your security settings in your profile, and select Multi-factor authentication” to get started.

Unexpectedly receiving a verification code (also called “multi-factor authentication token”) from Pibank can happen when someone other than you attempts to access your account. The most common scenario is when you open a third-party App where you may have linked your Pibank account, such as a personal financial management tool. Opening up third-party apps where your Pibank account is linked is detected as a type of login by Pibank. In some cases, you’ll need to enter this login code on the third-party app to refresh the apps’ connection with Pibank. If you received a verification code when you were not attempting to log in to your Pibank account, and/or it is not through a third-party App, you should change your password and contact our call center. As a reminder, your password should be unique to your Pibank account and not be used for other online accounts or services.

Pibank takes the privacy and security of its customers’ financial and personal information very seriously. We maintain industry-standard administrative, technical and physical safeguards designed to protect your information’s confidentiality and integrity. Our systems and security controls are reviewed by third parties against security standards such as SSAE18 SOC2 and PCI DSS, and rigorous third-party penetration testing is done at least annually.

We take the security of your personal information seriously, including your account data. We maintain stringent, industry-standard administrative, technical and physical safeguards to protect your information. We also use multi-factor authentication to protect access to your account through the Pibank App. Multi-factor authentication means we use a device-based security layer in addition to simple password validation.

Pibank’s BCIV uses the AuthID biometric authentication facial recognition system to verify the identity of the individual. This is becoming more commonly used in the industry as it is more secured and efficient especially with online activity. Based on the results of the match, this could result in the denial of the Pibank account opening.
It is Pibank Policy not to reactivate the account opening application process or to give the specifics of the denial reason unless the reason is due to adverse information from a ChexSystems related report.”