Voice and Wireless Communications Present Unique Security Challenges, Regulators Say
The Federal Financial Institutions Examination Council has made clear that institutions need to safeguard all customer channels against fraud. Understanding the risks and the steps to mitigate them can go a long way to securing not only a institution's information, but its reputation as well.
Although the deadline for FFIEC compliance has passed, many institutions have yet to implement some of the authentication safeguards, such as multifactor and mutual authentication. Those that are considered to have a leg up against their completion.
Desert Schools Federal Credit Union in Arizona moved aggressively to upgrade its security in order to meet the compliance deadline and is glad it did. "It gives our members more comfort that we're secure and deterring any fraud opportunities," says Desert Schools CIO Ron Amstutz. Desert Schools in 2006 installed authentication and fraud detection software for online banking, to be used at both login and in session. It has also tested some biometric products internally.
Even as many institutions contemplate how to comply with the FFIEC's online banking guidance, they're being challenged to protect their voice and wireless channels as well. "Phase one in 2006 was about installing fraud detection and multifactor authentication for online banking," says Jon Fisher, CEO of a leading security software manufacturer. "Phase two, in 2007, will be about securing call centers and mobile devices."
This is especially true for high-risk transactions like wire transfers, where the threat of account hijacking demands maximum security for the online and voice channels.
Somerset Trust in Pennsylvania is implementing voice verification technology to secure wire transfers, and envisions using it across all transaction services requiring multi-factor authentication, including its call center, telephone, online and bill pay services. The technology offers a natural way to verify a personâ€™s identity, and will help the institutions comply with the FFIEC guidance.
The institution is streamlining wire transfer "with a process our customers will use and feel confident about,â€ says Richard Stern, VP and treasurer of Somerset Trust. â€œWe are intrigued by the possibility of voice being the only method of authentication needed - a single user credential that can be used for every aspect of the customer relationship.â€