FFIEC Releases New Authentication Guidance for Online Banking

more+
less-

On June 28, 2011, the Federal Financial Institutions Examination Council (FFIEC) issued a Supplement to the Authentication in an Internet Banking Environment guidance first issued in Oct. 2005. The FFIEC considered that further guidance was appropriate due to the continued growth of electronic and mobile banking and greater sophistication of the associated threats, which have increased risks for financial institutions and their customers.

The Supplement reflects the FFIEC’s view that the controls in its previous guidance have become less effective over time as criminals have used techniques such as “corporate account takeover” to inflict large losses on banks and their customers for online banking services. The new guidance is expected to spur adoption of enhanced authentication technologies and controls, particularly for smaller financial institutions that may not have invested as heavily in advanced security technology as the largest banks.

Specifically, the Supplement:

· Reiterates the risk-management framework described in the 2005 guidance;

· Identifies customer authentication techniques that are less effective in the current environment and calls for enhanced measures;

· Outlines minimum layered security control elements for online banking activities; and

· Sets forth specific minimum elements that should be part of an institution’s customer awareness and education program.

A link to the new Supplement is provided here. The FFIEC member agencies have directed examiners to formally assess financial institutions under the enhanced expectations outlined in the Supplement beginning in Jan. 2012.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Published In: Administrative Agency Updates, Finance & Banking Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »