Tsibouris & Associates Home | Practice Areas | Attorneys | Contact | Publications | Clients | Blog Home

Thursday, October 20, 2005

Authentication in an Internet Banking Environment

Financial Institution Letters

FFIEC Guidance Authentication in an Internet Banking Environment (PDF Version)

FIL-103-2005

October 12, 2005

Summary:

The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance, “Authentication in an Internet Banking Environment (PDF).” For banks offering Internet-based financial services, the guidance describes enhanced authentication methods that regulators expect banks to use when authenticating the identity of customers using the on-line products and services. Examiners will review this area to determine a financial institution’s progress in complying with this guidance during upcoming examinations. Financial Institutions will be expected to achieve compliance with the guidance no later than year-end 2006.

Highlights:

  • Financial institutions offering Internet-based products and services should use effective methods to authenticate the identity of customers using those products and services.
  • Single-factor authentication methodologies may not provide sufficient protection for Internet-based financial services.
  • The FFIEC agencies consider single-factor authentication, when used as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.
  • Risk assessments should provide the basis for determining an effective authentication strategy according to the risks associated with the various products and services available to on-line customers.
  • Customer awareness and education should continue to be emphasized because they are effective deterrents to the on-line theft of assets and sensitive information.

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

Links to this post:

Create a Link

<< Home