 |
 |
 |
 |
 |
|
Purpose The staffs of the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (the Agencies) have jointly developed the attached frequently asked questions (FAQs) to assist financial institutions and their technology service providers in understanding the Federal Financial Institutions Examination Council's (FFIEC's) guidance entitled Authentication in an Internet Banking Environment (the guidance). Overview The guidance, issued on October 12, 2005, updates the FFIEC's guidance entitled Authentication in an Electronic Banking Environment issued in 2001. It addresses the need for risk based assessments, customer awareness, and enhanced security measures to authenticate customers using Internet-based products and services that process high risk transactions involving access to customer information or the movement of funds to other parties. The attached FAQs are a representation of questions the Agencies have received from financial institutions, Agency examiners, and technology service providers and they address the scope of the guidance, risk assessments, the time frame for implementation, and other issues.
Federally Insured Credit Unions are increasingly offering a variety of Internet banking services ranging from simple inquiry to complex e-Commerce activities for their members. In parallel, the number of members using transactional sites grew significantly. As e-Commerce services increase in volume and complexity, criminals are using more sophisticated methods for account fraud and identity theft. You should become more diligent to safeguard member information, to prevent money laundering and terrorist financing, to reduce fraud, and to inhibit identity theft. One of the effective security measures to mitigate these risks is to implement an effective and reliable authentication system. Authentication is the process of verifying a member’s identity using a variety of methodologies and technologies before the member gains access to the system. It is a way to ensure members are who they say they are. A single-factor authentication such as user name and password used as a security control mechanism may not be adequate for high-risk transactions involving access to member information or fund transfers.
Summary: The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance, "Authentication in an Internet Banking Environment." For banks offering Internet-based financial services, the guidance describes enhanced authentication methods that regulators expect banks to use when authenticating the identity of customers using the on-line products and services. Examiners will review this area to determine a financial institution's progress in complying with this guidance during upcoming examinations. Financial Institutions will be expected to achieve compliance with the guidance no later than year-end 2006.
|
||||||||||||||||||||||||||||||||||||||
RSS SyndicationCopyright © 2007 CUInfoSecurity.com