"The FFIEC guidance does a good job of addressing today's and yesterday's threats and suggested techniques, but it is not sufficiently forward-looking," says Gartner's Avivah Litan. "Two years from now, the guidance will be sorely out of date."
For all the latest news and views, please visit the FFIEC Authentication Guidance Resource Center.
Aite's Julie McNelley says the final FFIEC online authentication guidance offers greater detail in areas such as layered security, but that institutions have much to do to prepare for regulatory assessments in 2012.
The Federal Financial Institutions Examination Council has formally released the long-awaited update to its "Authentication in an Internet Banking Environment" guidance. The new directives take effect January 2012.
The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment.
Fraud expert Ori Eisen says banks spend too much time reacting to ACH fraud, rather than trying to stop it. Now that the FFIEC's new online authentication guidance is official, banks must focus on eliminating outdated solutions and moving toward automated solutions for device identification and log analysis.
Dave Jevans of the Anti-Phishing Working Group says most U.S. banking institutions are ill-equipped to fight 2011's latest and greatest security threats, including automated malware.
Greg Rattray, VP of Security at BITS, says we can't necessarily stop the spread of dangerous malware like Zeus, but banking institutions can do a better job of mitigating the risk and damage that follow such an attack.
"Simple passwords alone do not provide sufficient commercially reasonable security," says Jim Payne of fraud victim Choice Escrow. "Where is the principle of doing what is right and just?"
Six months after Michigan-based Experi-Metal Inc. sued Comerica Bank after a breach that resulted in $1.9 million in ACH and wire fraud, a U.S. District Court has favored the commercial customer.
No one is really sure when the FFIEC's new authentication guidance will be issued, but we do know banking institutions can't afford to wait. Hence, our new FFIEC Authentication Guidance Resource Center.
Information Security Media Group announces the launch of FFIEC Authentication Guidance, a resource center dedicated to providing in-depth news and views on the pending online authentication guidance.
For many, the lack of security on mobile devices is a major inhibitor to their adoption of mobile banking. As banks look to address these issues and capitalize on the opportunities of the mobile environment, they are also challenged by the need to bolster customer confidence in online banking. With Entrust's...
This TowerGroup Research Note addresses the growing issue of targeted attacks by
cybercriminals on business banking customers. As the sophistication of cybercriminal organizations has developed, they have begun attacking businesses with techniques such as phishing and "man in the middle" Trojan horses, techniques...
The proliferation of mobile devices and mobile services engenders both threats and opportunities in the financial services market. Because they recognize the opportunity to find vulnerabilities in this nascent technology, cybercriminals are turning their focus to the mobile channel to launch new attacks. Yet, both...
Strong authentication, using both fact-based and behavioral-based fraud detection solutions, should be part of every financial institution's layered security approach, says Reed Taussig, CEO of ThreatMetrix.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.