Resources for Federal Financial Institutions Examination Council (FFIEC)
FFIEC guidelines fall short of protecting the online consumer
scmagazine.com
The incidence of ID theft is not new, but in today's world of online commerce and online banking, its implications are increasingly felt by victims who find that an inadvertent click on an enticing email can lead to the loss of their bank savings.
Because of the sharp rise in online identity fraud, the FFIEC (Federal Financial Institutions Examination Council), representing several federal organizations including the FDIC and Federal Reserve, issued guidance in October 2005 urging financial institutions to tighten the security of online access. In particular, the guidance said that simple authentication methods like username and password may not provide sufficient protection for internet-based financial services.
Having acknowledged the limitations of existing authentication schemes, the FFIEC guidance indicated that the regulators expected financial institutions to adopt a multi-pronged approach to improving online security. Furthermore, financial institutions had to achieve compliance no later than December 2006. The approach suggested by the FFIEC guidance effectively required three steps: (1) a self-assessment by the financial institutions to evaluate the risk associated with various products and services available to online customers, (2) implementation of an effective authentication strategy in relation to the assessed risk, and (3) a customer education and awareness program that would deter online theft of assets and sensitive information.