Erroneous MFA options presented for Space Coast CU

System
System Administrator admin

This discussion was created from comments split from:

Space Coast CU FDP-103 error (edited).

Tagged:

Comments

  • jp2
    jp2 Member

    Simplifi team, you should URGENTLY look at whatever update was pushed for SCCU. It's leaking data and may have cross-customer implications.

    What happened: My SCCU connections have been broken for a while. When I opened the Simplifi app today I received a prompt for MFA which looked encouraging like maybe the connections were being fixed, HOWEVER the last four of the MFA phone number presented were NOT mine, and there are LOTS of other phone numbers and emails listed as MFA options for my connection (see screenshot). What is going on?? This is very concerning. Some wires are crossed somewhere and I'm now very concerned about my bank account's security.

    Please let us know what's going on with this.

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin

    @jp2, thanks for posting to the Community!

    The MFA options presented are sent in by the bank, and I'm not aware of any other users experiencing this issue in Quicken Simplifi. It could be due to the ongoing issues we have with Space Coast CU:

    At this time, I'd suggest establishing a completely fresh connection with the bank to see if doing so clears things up for you, or if you end up back in an error state, such as what's outlined in the Alerts I shared above. You may do so by following these steps:

    1. Make all of the accounts with this bank manual by following the steps here.
    2. Once you see the account(s) listed in the Manual Accounts section under Settings > Accounts, go back through the Add Account flow to reconnect to the bank.
    3. If the connection is successful, carefully link the account(s) found to your existing Quicken Simplifi account(s) by following the steps here.

    Please let us know if the MFA issue persists after doing so. If it does, I'd also suggest checking the contact info you have set up for MFA on the bank's website or maybe even contacting them to see if there was perhaps a mismatch of information on their end.

    Let us know how it goes!

    -Coach Natalie

  • jp2
    jp2 Member

    Hi Natalie, thank you for the reply.

    I have a friend experiencing the same issue with SCCU MFA showing other emails/numbers, so I believe it is more widespread.

    I have tried the manual/new/relink process and only get as far as choosing my phone number or email for MFA code (among the many other numbers and emails that are not mine, and that are not associated with my SCCU account). I get the email/text MFA code, but Simplifi never presents the MFA code input dialog. Instead it fails with error code FDP-189.

    I doubt me contacting SCCU customer support and trying to describe this issue would make its way to the right people @ SCCU. If you have any backend/technical contacts please relay to them. It's not just a broken connection issue; it's a customer privacy issue. Some of the emails, though obfuscated with an added 'X' are easily guessed. And the PII is being exposed via your app.

  • jp2
    jp2 Member

    After many attempts I was able to get my SCCU connection to succeed and re-link my manual Simplifi accounts. There was a transaction gap which I filled in manually. For anyone seeing this, I ultimately succeeded in connecting by:

    (1) Logging into the SCCU website on my desktop for the first time since the SCCU system upgrade and acknowledging a user agreement dialog, and

    (2) using phone text MFA, not email or app push notification. Be patient because Simplifi spins for a few minutes.

    We'll see if this connection is stable going forward, or if it chokes on MFA again. Still concerned about PII leakage. Hopefully SCCU/Simplifi can plug that hole.