In the wake of devastating cyber attacks and fraud losses to banking institutions and customers, the FFIEC has issued its first online authentication guidance since 2005. Banking regulators will begin assessing institutions by this new guidance in 2012, so it's imperative to attend this session and gain expert insight...
Upon issuing its 2011 update to online authentication guidance, the FFIEC put banking institutions on notice: Examiners will assess how institutions satisfy these enhanced expectations starting in January 2012. So, how best should banking/security leaders go about meeting these new directives and ensuring the security...
For banking institutions, the release of the 2011 FFIEC Authentication Guidance is a game-changer, handing down new standards for layered security controls, risk assessments, authentication techniques and customer awareness. But what does all this mean to technology vendors and third-party service providers? Attend...
Jeff Kopchik of the FDIC says too much emphasis on what's "missing" from the FFIEC's new guidance detracts from regulators' intent: providing financial institutions with a guideline for securing online transactions.
"The FFIEC guidance does a good job of addressing today's and yesterday's threats and suggested techniques, but it is not sufficiently forward-looking," says Gartner's Avivah Litan. "Two years from now, the guidance will be sorely out of date."
The Federal Financial Institutions Examination Council has formally released the long-awaited update to its "Authentication in an Internet Banking Environment" guidance. The new directives take effect January 2012.
The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment.
Fraud expert Ori Eisen says banks spend too much time reacting to ACH fraud, rather than trying to stop it. Now that the FFIEC's new online authentication guidance is official, banks must focus on eliminating outdated solutions and moving toward automated solutions for device identification and log analysis.
"Simple passwords alone do not provide sufficient commercially reasonable security," says Jim Payne of fraud victim Choice Escrow. "Where is the principle of doing what is right and just?"
Six months after Michigan-based Experi-Metal Inc. sued Comerica Bank after a breach that resulted in $1.9 million in ACH and wire fraud, a U.S. District Court has favored the commercial customer.
No one is really sure when the FFIEC's new authentication guidance will be issued, but we do know banking institutions can't afford to wait. Hence, our new FFIEC Authentication Guidance Resource Center.
Information Security Media Group announces the launch of FFIEC Authentication Guidance, a resource center dedicated to providing in-depth news and views on the pending online authentication guidance.
"I'd like to make sure our recommendations fit with what the FFIEC is recommending, to continue to help us mitigate risk," says Michael J. Wyffels, SVP and CTO of QCR Holdings Inc. "But the hackers seem to continue to find new ways to exploit vulnerabilities."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.