Elevated Authentication

Coming Soon: We will support Elevated Authentication for address and password changes in a future release.

To enhance security, you can enable Elevated Authentication, which requires users to complete two-factor authentication (2FA) for critical actions. This extra layer of protection helps prevent fraud, safeguard sensitive account changes, and ensure that only authorized users can complete high-risk transactions.

With Elevated Authentication, users must verify their identity before performing actions such as sending ACH payments and wires or updating their email, phone number, or username. Additionally, your institution can configure how long users remain in Elevated Authentication Mode before they are required to authenticate again.

Account verification prompt asking for email or phone for code delivery.

Enable or Disable Elevated Authentication

To turn Elevated Authentication on or off, go to Narmi Command under Configurations > Institution Settings > Features Requiring Elevated Authentication.

Settings for elevated authentication features with checkboxes next to each option.

Select the box next to each action that should require Elevated Authentication:

ach_payments – When making an ACH payment (Business only)
wires – When making a wire transfer (Consumer and Business)
username_change – When changing the username in Narmi Banking settings (Consumer and Business)
email_change – When changing the email address in Narmi Banking settings (Consumer and Business)
phone_change – When changing the phone number in Narmi Banking settings (Consumer and Business)
sensitive_card_info – When viewing the card number, expiration date, and CVV in Narmi Banking card management (Consumer only)
sensitive_user_info – When a third-party service or integration attempts to retrieve the user’s date of birth and Social Security Number through the Narmi Admin API’s /me/sensitive endpoint. For more information, go to our API docs.
add_member – When adding a new member for member-to-member transfers (Consumer and Business)

Note: We will support 2FA for address and password changes in a future release. Please refrain from enabling the address_change or password_change settings, as it could affect the user experience.

Configure Elevated Authentication Mode Duration

By default, after selecting a method of 2FA verification, a user remains in Elevated Authentication Mode for 60 seconds, which means they have up to 60 seconds to receive and enter their authentication code before they are required to authenticate again.

Your institution can adjust this duration in Narmi Command under Configurations > Institution settings > Elevated Authentication Mode Duration. This setting should be at least 20 seconds to ensure users have enough time to receive and enter their authentication code.