A sneak peak at the FFIEC’s new online authentication guidance
What will the FFIEC’s new online authentication guidance look like? In short, it makes financial institutions more responsible for fraud prevention and the security they provide.
Although it has not yet unveiled its update to 2005’s authentication guidance, the FFIEC has recently distributed a draft document to its member agencies which singles out five keys areas of improvement:
1. Improved risk assessments: to help institutions discern and respond to emerging threats
2. Layered security controls to detect and prevent attack or the inadvertent loss of sensitive information (think ACH wire fraud incidents)
3. More pervasive use of multifactor authentication
4. More efficacious approaches to authentication, including better qualifying challenge questions and more sophisticated device identification and protection;
5. Improved customer education offerings, especially for commercial accounts
With the proliferation of online banking, and in the aftermath of the Zeus Banking Trojan, the FFIEC that the more challenging the barriers, the better equipped financial institutions will be able to prevent fraud. We’ll have to wait a bit for the official and final release of the new guidance, but at least there will be few surprises.
Got an opinion? Please help continue our conversations by commenting on this post.