Mobile Banking - Soft Tokens

Introducing Soft Token Authentication

Soft tokens = strong security, greater convenience 

Community Bank of the Bay strives to deliver the highest level of protection for our Business Online Banking clients. That’s why we offer a smartphone app for Apple and Android devices that generates a secure, one-time password to use each time you log in to your account.

This app—called a “soft token”—is easy to install and simple to set up.

The concept is brilliant: Rather than using a traditional password that can be stolen or hacked, the soft token app generates a random, one-time string of numbers that you enter when logging into your account. The number is combined with a PIN that you create when setting up the soft token, making it next to impossible for crooks to access your account. You can even use the soft token as an extra layer of protection to complete transactions such as wires or ACH. 

Previous tokens were small hardware devices that you had to keep track of and carry with you. A soft token is convenient—you just install the app on your smartphone and it’s there whenever you need it. 

You’ll find the app in the Apple or Google Play stores by searching for “DIGIPASS for Business Banking.”

See below for a step-by-step demonstration of how to set up and use your new soft token app.

Activating your DIGIPASS soft token

Step-by-step instructions:

Step 1: Login: Using your computer, log in to Business Online Banking with your current Username and Password. After logging in, you will be prompted to activate your soft token.

Step 2: Activate soft token: Using your mobile device enter “DIGIPASS for Business Banking” in the search field of your smartphone’s app store. Download and open the app. Go back to your computer and click Begin Activation

Step 3: Activation: On your phone, tap Begin Activation in the app.

The app uses your smartphone’s camera to scan the secure, multi-colored CRONTO image displayed on your computer’s Activate token screen. The app will decode the image and display your device code. 

Fill out the Activate token form on your computer screen:

  1. Enter the Device Code as displayed in the app.
  2. Add a Nickname for your device.
  3. Enter a 4-digit PIN that you will remember. (You’ll use this PIN each time you log in.)
  4. Create a Security Question and add the Answer.
  5. Click CONTINUE.

Step 4: Activate soft token:

  1. Another CRONTO image will appear on the computer screen. Using your phone and the soft token app, tap the Scan Image button to decode the CRONTO image.
  2. Enter the One-time password as displayed in the app.
  3. Click COMPLETE ACTIVATION

If you have a phone that allows biometric protection, choose YES to enable fingerprint security for opening the app. Select NO if you want to skip this step. (You’ll be able to enable this later, if you choose.)

Back to top Back to top

Logging in to Business Online using your DIGIPASS soft token

Step-by-step instructions:

Step 1: Open the DIGIPASS for Business Banking soft token app and tap One-Time Password.

Step 2: 

  1. At the Business Online log in screen, enter your Username
  2. In the Password field, enter the one-time password generated with the soft token, followed by your PIN
  3. Click LOG IN

Step 3: Site verification: When a Site Verification screen opens, compare the number on the screen with the code on your app. If they match, select VERIFIED and you’ll be securely logged in to your account. 

Title: Completing Security Challenges using your DIGIPASS soft token

If you are required to complete a Security Challenge to approve or initiate transactions such as ACH or wire transfers, you will be asked to provide a Digital Signature or a One-Time Password to complete the challenge. 

Step-by-step instructions: 

Providing a Digital Signature 

Step 1: Open the DIGIPASS soft token app and choose Digital Signature. 

  1. Scan the CRONTO image displayed on the screen. 
  2. Enter the 10-digit Digital Signature displayed in the app. 

If you are unable to scan the image, select the “Can’t scan the image?” link to provide a One-Time Password instead. 

Providing a one-time password 

  1. Open the soft token app and select One-Time Password
  2. Enter the one-time password displayed on your device.

3. Select Complete Challenge.

Back to top Back to top

Activating your DIGIPASS soft token for transactional authentication

Step-by-step instructions: 

Step 1: After logging in to Business Online Banking with your Username and password, click on the PROFILE menu option. Browse to the Token section. 

Step 2: Using your mobile device enter “DIGIPASS for Business Banking” in the search field of your smartphone’s app store. Download and open the app. Go back to your computer and click Begin Activation.

Step 3: On your phone, tap Begin Activation in the app. The app uses your smartphone’s camera to scan the secure, multi-colored CRONTO image displayed on your computer’s 

Profile screen. The app will decode the image and display your device code. Fill out the Token form on your computer screen: 

  1. Enter the Device Code as displayed in the app. 
  2. Add a Nickname for your device. 
  3. Click CONTINUE

Step 4: Completing the activation.

  1. Another CRONTO image will appear on the computer  screen. Using your phone and the soft token app, tap the Scan Image button to decode the CRONTO image. 
  2. Enter the One-Time Password as displayed in the app. 
  3. Click COMPLETE ACTIVATION

If you have a phone that allows biometric protection, choose YES to enable fingerprint security for opening the app. Select NO if you want to skip this step. (You’ll be able to enable this later, if you choose.)

Back to top Back to top

Completing Security Challenges using your DIGIPASS soft token

If you are required to complete a Security Challenge to approve or initiate transactions such as ACH or wire transfers, you will be asked to provide a Digital Signature or a One-Time Password to complete the challenge. Follow the directions above for Providing a Digital Signature and Providing a One-Time Password.

Back to top Back to top

Using your DIGIPASS soft token app with your Business Mobile Banking app

Once your soft token has been activated through Business Online Banking, you will use it to generate a one-time password when logging in to Business Mobile Banking and when completing transactional Security Challenges. 

Step-by-step instructions: 

Providing a One-Time Password 

  1. Open the Business Mobile Banking app. 
  2. Enter your Username
  3. Open the DIGIPASS for Business Banking app. 
  4. Tap One-Time Password
  5. Copy the One-Time Password displayed in the soft token app. 
  6. Navigate back to Business Mobile Banking
  7. Paste in the One-Time Password followed by your four-digit PIN
  8. Tap Log In.

If asked to provide a one-time password to approve or initiate transactions, repeat steps 3-7.

Back to top Back to top