FFIEC urges stronger security for Internet banking.

New guidance issued by the Federal Financial Institutions Examination Council (FFIEC) in the form of a report urges financial-services institutions to move beyond use of user name and password to authenticate the identity of online banking customers. FFIEC said it issued its guidance, Authentication in an Internet Banking Environment, to reflect the many significant legal and technological changes with respect to the protection of customer information, increasing incidents of identity theft and fraud, and the introduction of improved authentication technologies and other risk-mitigation strategies. The continued growth of Internet banking and other forms of electronic financial activities, including the advent of eMortgage processing, and the increased sophistication of security threats have resulted in higher risks for financial institutions and customers alike. An effective authentication system, as well as a risk assessment, is necessary in order to ensure financial institutions' ability to secure sensitive information, noted FFIEC.

"Where risk assessments indicate that the use of single-factor authentication is inadequate, financial institutions should implement multifactor authentication, layered security or other controls reasonably calculated to mitigate those risks," the report said. "The agencies consider single-factor authentication as the only control mechanism to be inadequate in the case of high-risk transactions involving access to customer information or movement of funds to other parties." The guidance, which replaces FFIEC's Authentication in an Electronic Banking Environment, issued in 2001, does not endorse any particular technology.