White Papers for Federal Financial Institutions Examination Council (FFIEC)
FFIEC Authentication Guidelines are in. Single-factor Authentication is out.
RSA

FFIEC’s October 2005 guidance considers single-factor authentication, as the only control mechanism, to be inadequate for online banking. Rather, banks should use authentication (the process of verifying the identity of a person or entity) methods that are both effective and appropriate to the risks associated with online banking. These methods include multi-factor authentication, layered security or other controls reasonably calculated to mitigate those risks.

It is important to note that the guidance is not a formal regulation; it does not create any legal obligation for banks. It is only a recommendation—strong guidance to be exact. Financial institutions are taking this guidance seriously and implementing it because the guidance comes from not one, but five regulatory agencies of the financial sector, and because all five agencies of the FFIEC have given banks a deadline of Dec. 31, 2006 to comply.