Notice to UMB Cardholders – Click here if you recently received a replacement card as a result of a potential compromise.

Security Overview

Security of your data and payment transactions is a high priority for UMB. As part of our effort to promote online banking security and combat e-payment fraud and identity theft, UMB has deployed security infrastructure to support strong user authentication through the use of tokens – small devices that display a password that has a 60-second lifespan. Using this token in addition to your normal log in procedures for UMB Web Exchange®, defeats key logging spyware by introducing dynamic information to your log in credentials.

Strong authentication can be generally defined as a “Layered authentication approach relying on two or more authenticators to establish the identity of an originator or receiver of information.” There are many methods available for applying strong authentication to online systems.

An authentication method is considered to possess greater strength if it relies upon one authenticator that a person knows (e.g., a password) and another authenticator that a person possesses (e.g., a device or unique physical trait).

Authentication Strength



Biometric: Known password, plus a scan of the individual’s retina or fingerprint.


Token: Known password, plus an additional password provided by a device.


Out of Band One-time Password: Known password, plus an additional password sent to phone or Personal Digital Assistant (PDA, e.g., Blackberry) registered in advance.


In Band One-time Password: Known password, plus an additional password sent to an e-mail account registered in advance.


Most Common Multifactor Authentication (MFA): Known password, plus the presence of a cookie on the computer requesting system access.

Authentication methods requiring only a user ID and password are not considered of sufficient strength for financial transactions and are not used by UMB.