Understanding the FFIEC Guidance on Authentication  
  SEARCH: Sign In | Register | Contact Us | Site Map | Home  

White Papers for Federal Financial Institutions Examination Council (FFIEC)

Understanding the FFIEC Guidance on Authentication

Entrust

General consumer confidence in online services, such as online banking, has been eroding with increased publicity of data breaches and identity fraud. This loss of confidence in online services is resulting in direct impacts on the both the brand and reputation of banks offering financial services online. Financial Institutions offering Internet-based banking services have been facing increasing pressure to improve authentication and lower the incidence and risk of phishing and other fraudulent activities.
In October of 2005, as institutions were wrestling with the need to respond to increasing threats, the Federal Financial Institutions Examination Council (FFIEC) released new guidance on authentication. This guidance outlines the critical authentication issues surrounding the industry today and gives specific direction on the next steps for member institutions.
The FFIEC Guidance on Authentication in an Internet Banking Environment is both specific and challenging for member institutions. For banks offering Internet-based financial services, online bill presentment and other interactive services via interactive voice response (IVR) systems, the guidance describes enhanced authentication methods that regulators expect banks to use for online products and services. It specifically notes that single factor authentication methodologies do not offer enough protection for typical Internet banking transactions. The most challenging aspect may be that financial institutions are expected to comply with the guidance by year-end 2006.
Complying with the FIECC Guidance requires institutions to thoroughly review their online activities and conduct risk assessments to determine the appropriate level of authentication required. Institutions must then develop and deploy additional authentication methodologies and systems as deemed necessary by their risk assessment. Examiners will determine an institution's progress in complying during upcoming examinations. Progress must involve actual deployment to customers and plans must be beyond the early phases. The pressure is mounting for banks that have not moved forward with enhanced authentication plans

View the White Paper



Share or bookmarklet this web page at:



Google
Privacy Policy | Terms & Conditions | Support | Directory Links | Contact Us | Site Map | Home
Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.