Speculation about the pending update to online authentication guidance has been circulating around water coolers for months now. "A [disclosure] like this could make it more challenging for the regulators," says attorney David Navetta.
"It's interesting to see regulators putting the onus on the financial companies for fraud that occurs after the theft has already happened," says David Navetta, co-chairman of the American Bar Association's Information Security Committee.
This piece summarizes the key elements of the three major releases by the FFIEC related to online authentication: The original 2005 authentication guidance, 2006 FAQs and the 2010 draft supplement.
"We want to know what the FFIEC guidelines actually mean and who is responsible for enforcing audits and compliance," says fraud victim Jim Payne, owner of Choice Escrow.
A preliminary draft of new online authentication guidance from the Federal Financial Institutions Examination Council puts greater responsibility on the shoulders of financial institutions to enhance security.
After one of its commercial customers fell victim to an online account takeover, this community bank suffered losses, reputational damage and learned that legal disputes rarely favor the bank.
"I'm not sure there is a way to protect a customer if their actions put their network at risk," says the president of a bank victimized by corporate account takeover.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.