ffiec/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf

FFIEC Agency Supplement to Authentication in an Internet Banking Environment. http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf. Released: June 2011. Risk Assessment. Review and Update: As new information becomes available Prior to implementing new services

cole-obrien


Presentation Transcript


  1. FFIEC Agency Supplement to Authentication in an Internet Banking Environment
     http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf
     Released: June 2011

  2. Risk Assessment
     • Review and Update:
       • As new information becomes available
       • Prior to implementing new services
       • At least every 12 months
     • Consider the following:
       • Changes in threat environment
       • Changes in membership base
       • Changes in functionality
       • Actual incidents of breach and fraud

  3. High-Risk Transactions
     • Defined as:
       • Electronic transactions involving access to member information or the movement of funds to other parties.
     • Not every online transaction poses the same level of risk.
     • Consumer online banking
       • Layered Security
     • Commercial online banking
       • Layered Security AND Multifactor authentication

  4. Layered Security
     • Effective Controls include:
       • Fraud detection and monitoring systems
       • Use of dual member authorization
       • Use of out-of-band verification
       • Use of positive pay and debit blocks
       • Enhanced controls over activities
       • Block connection to IP address known for fraud
       • Address member devices identified as compromised
       • Enhanced control over maintenance activities
       • Enhanced member education

  5. Layered Security Programs
     • Detect and Respond to Suspicious Activity
       • At initial log-in and authentication
       • At initiation of transfer to other parties
     • Controls for Admin functions - Business Accounts
       • Additional authentication routine

  6. Effectiveness of Techniques
     • Device Identification
       • Simple – i.e. Cookies
       • Sophisticated – i.e. Digital fingerprint
     • Challenge Question
       • Basic Questions
       • Out of Wallet Questions

  7. Member Awareness and Education
     • Increase awareness and mitigate risk
     • Include business and personal account holders
     • Include:
       • Protections under Regulation E
       • When the CU would contact member for credentials
       • Suggest commercial members perform Risk Assessment
       • Mechanisms to mitigate risk
       • List of CU contacts for members' use
