The FFIEC's updated online authentication guidance urges banks and credit unions to do better jobs of authenticating and identifying devices, areas that aren't bolstering the kind of security they could, says security expert Ori Eisen.
The Obama Administration's cybersecurity proposal for breach notification will require collaboration among differing financial-services providers, within and across borders, says Leigh Williams of BITS.
Now that the FFIEC's updated online authentication guidance is out, banking institutions need to move forward in preparation for 2012 compliance, says Julie McNelley, banking fraud analyst for Aite Group.
"Our role is changing in the fact that we see fraud being perpetrated in a new manner everyday via malicious software, banking Trojans and online theft," says Jean-FranÃ§ois Legault, senior manager of forensics and dispute services at Deloitte.
Fraud today is global. The same problems happening in the U.S. are simultaneously occurring in other parts of the world. For interested job seekers, there's never been a better time to enter the fraud examiner profession.
Multifactor authentication and layered security are steps financial institutions should take to protect their customers. But certain strategies are more problematic than successful when it comes to preventing fraud.
Despite increased incidents, major U.S. card issuers receive poor marks for card fraud prevention, according to a new study from Javelin Strategy & Research. The biggest area of concern: card-not-present fraud.
"I think we'll see some additional investments in fraud prevention tools as a result, and it could be EMV tokens or neural networks," says Jim Schlegel of ACI Worldwide, following the Fed's move on debit interchange fees.
Jeff Kopchik of the FDIC says too much emphasis on what's "missing" from the FFIEC's new guidance detracts from regulators' intent: providing financial institutions with a guideline for securing online transactions.
"The FFIEC guidance does a good job of addressing today's and yesterday's threats and suggested techniques, but it is not sufficiently forward-looking," says Gartner's Avivah Litan. "Two years from now, the guidance will be sorely out of date."
The Federal Financial Institutions Examination Council has formally released the long-awaited update to its "Authentication in an Internet Banking Environment" guidance. The new directives take effect January 2012.
The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment.