Account aggregator services are an easy way for consumers to connect all of their various financial relationships. If you are using a non-Coastal app or website to interact with your Coastal account or view balances, an aggregator is working in the background to connect your Coastal account to that site or application. As a convenience to our members, we have not been requiring multifactor authentication (MFA) for aggregators, which go through an initial validation process, and often automatically log in daily to update account data.
However, because of the recent uptick in fraudulent transactions using stolen credentials within these aggregator services, Coastal is increasing MFA for aggregators. This affects anyone using services like Quicken, Mint, TurboTax, PayPal, etc., as well as other credit unions or banks that might connect to your Coastal account.
The next time you connect to Coastal via a service that uses an aggregator, you will be asked to complete a security challenge in order to proceed. You’re already familiar with this process, which may include authentication via one-time confirmation code, knowledge-based identity challenge questions or user-defined challenge questions that you’ve previously set up.
For additional security, Coastal recommends that you:
- Don’t reuse usernames and passwords on multiple websites.
- Remember that Coastal will never contact you and ask for your username, password, PIN, CVV security code, or full Social Security Number. Read more.
While this may require a small amount of effort on your part, it will go a long way to helping Coastal protect you and our other members from fraud. Thank you for doing your part!