White Papers for Federal Financial Institutions Examination Council (FFIEC)

MAKING THE FFIEC GUIDANCE OPERATIONAL:BALANCING AUTHENTICATION METHODS WITH ONLINE BANKING RISK

RSA

FFIEC’s October 2005 guidance considers single-factor authentication, as the only control mechanism, to be inadequate for online banking. Rather, banks should use authentication (the process of verifying the
identity of a person or entity) methods that are both effective and appropriate to the risks associated with online banking. These methods include multi-factor authentication, layered security or other controls reasonably calculated to mitigate those risks. It is important to note that the guidance is not a formal regulation; it does not create any legal obligation for banks. It is only a recommendation—strong guidance to be exact. Financial institutions are taking this guidance seriously and implementing it
because the guidance comes from not one, but five regulatory agencies of the financial sector, and because all five agencies of the FFIEC have given banks a deadline of Dec. 31, 2006 to comply.

View the White Paper

Share or bookmarklet this web page at: