Speculation about the pending update to online authentication guidance has been circulating around water coolers for months now. "A [disclosure] like this could make it more challenging for the regulators," says attorney David Navetta.
"It's interesting to see regulators putting the onus on the financial companies for fraud that occurs after the theft has already happened," says David Navetta, co-chairman of the American Bar Association's Information Security Committee.
A preliminary draft of new online authentication guidance from the Federal Financial Institutions Examination Council puts greater responsibility on the shoulders of financial institutions to enhance security.
NACHA's CEO says ACH-related fraud is often over-hyped, and occurs far less often than check- and payment card-related fraud. But when corporate accounts are breached, fraudulent ACH transactions lead to big financial losses.