FFIEC Releases New Authentication Guidance for Online Banking


On June 28, 2011, the Federal Financial Institutions Examination Council (FFIEC) issued a Supplement to the Authentication in an Internet Banking Environment guidance first issued in Oct. 2005. The FFIEC considered that further guidance was appropriate due to the continued growth of electronic and mobile banking and greater sophistication of the associated threats, which have increased risks for financial institutions and their customers.

The Supplement reflects the FFIEC’s view that the controls in its previous guidance have become less effective over time as criminals have used techniques such as “corporate account takeover” to inflict large losses on banks and their customers for online banking services. The new guidance is expected to spur adoption of enhanced authentication technologies and controls, particularly for smaller financial institutions that may not have invested as heavily in advanced security technology as the largest banks.

Specifically, the Supplement:

· Reiterates the risk-management framework described in the 2005 guidance;

· Identifies customer authentication techniques that are less effective in the current environment and calls for enhanced measures;

· Outlines minimum layered security control elements for online banking activities; and

· Sets forth specific minimum elements that should be part of an institution’s customer awareness and education program.

A link to the new Supplement is provided here. The FFIEC member agencies have directed examiners to formally assess financial institutions under the enhanced expectations outlined in the Supplement beginning in Jan. 2012.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Written by:


Davis Wright Tremaine LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.