The new FFIEC Guidance is clear. And the deadline to have a plan in place is quickly approaching. Financial institutions need to perform periodic risk assessments of customer authentication controls based on threats and subsequently increase levels of controls based on threats. As part of this risk assessment, Financial institutions need to deploy more sophisticated challenge questions as an effective component to their risk management programs.
What is not clear and where many organizations struggle is figuring out exactly where and when to deploy more sophisticated challenge questions and how to do so given budgetary constraints.
This webinar will arm you with the following information:
Identify the difference between simple challenge questions and sophisticated out-of-wallet questions;
Clarify when and how to effectively use sophisticated out-of-wallet questions;
Provide examples of effective usage out-of-wallet questions;
Address how to effectively integrate out-of-wallet questions without exceeding your current budget.
The FFIEC Supplement to Authentication in an Internet Banking Environment focuses on the need to perform more frequent and more effective assessments. Following the assessments, Financial institutions need to implement layered security techniques to strengthen the security of high-risk transactions, and in particular, utilize more sophisticated challenge questions. This has been highlighted as a weakness in existing systems up to now.
This webinar will discuss authentication techniques based on risk of transaction. We'll explore these techniques in relationship to device identification, dynamic out-of-wallet challenge questions, and out of band authentication methods.
We'll specifically delve into the weaknesses of shared secrets and why they are not appropriate for high risk situations. We'll address why the increase of information from social media has limited the effectiveness of this technique. It will clearly become evident why more sophisticated challenge questions are critical to protect your organization and its reputation. The presenters will give concrete examples of effective out-of-wallet questions that are far superior to shared secrets.
The presentation will also address how to practically integrate challenge questions in, when and where appropriate, to provide the best methods of authentication and risk management possible, without exceeding your budget.
Premium Members Only
OnDemand access to this webinar is restricted to Premium Members.
Head of Identity Verification Services, RSA Security
Bryan Knauss is the Head of Identity Verification Services for RSA, the Security Division of EMC, where he is responsible for leading product development efforts around RSA's Knowledge-Based Authentication portfolio. Prior to RSA, Bryan was a Principle Technical Project Manager at AOL and Principal Consultant at PricewaterhouseCoopers. Bryan is a frequent speaker at industry events and has been quoted in numerous publications. He holds a BS in Chemical Engineering from Bucknell University and a MBA from University of Georgia.
Smith is responsible for Fraud Market Planning for LexisNexis Risk Solutions, driving conceptual design of innovative solutions for financial service organizations in alleviating fraud risk. Prior to LexisNexis, He was a Fraud Risk Manager for General Electric (GE Money), Manager of Fraud Policy at Direct Merchant's Credit Card Bank, and Fraud Investigator for Certegy and Equifax. Smith began his training in the fraud industry by receiving a degree in Economic Crime from Utica College of Syracuse University and through an internship at the Financial Crimes Division of the United States Secret Service in Washington, DC.