In This Presentation:
- Critical differences in the 2011 Supplement as compared to the 2005 Guidance
- Other useful sources of regulatory guidance on authentication
- Concluding thoughts on areas of examination emphasis
Why the need for the Supplement?
-Supplement reiterates the need to perform periodic risk assessments and adjust customer authentication controls as appropriate in response to new threats
- However, certain aspects of the 2005 Guidance have become less effective or require enhancement due to significant changes in the threat landscape:
- More sophisticated, effective and malicious methods to compromise authentication mechanisms and gain access to online accounts
- Criminal groups specializing in financial fraud
- Fraud tools are easily obtainable on Internet
- Malware installed on computers monitor user activity, facilitate theft and misuse of login credentials
- Cybercrime complaints significantly up since 2005, in particular with respect to commercial accounts.
Please see full presentation below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.