FFIEC issues new guidance on authentication in online transactions

FFIEC issues new guidance on authentication in online transactions

On October 12, 2005, the Federal Financial Institutions Examination Council issued guidance entitled Authentication in an Electronic Banking Environment regarding authentication of customers in online financial transactions. This guidance updates guidance issued in 2001 and states three essential po...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Banking & Financial Services Policy Report 2006-02, Vol.25 (2), p.1
Hauptverfasser: Hayes, Benjamin S, Judy, Henry L, Ritter, Jeffrey B
Format: Artikel
Sprache:eng
Schlagworte:
Authentication protocols
Automation
Banks
Biometrics
Customers
Electronic banking
Electronic commerce
Financial institutions
Identity theft
Regulation of financial institutions
Risk assessment
Software
Technological change
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:On October 12, 2005, the Federal Financial Institutions Examination Council issued guidance entitled Authentication in an Electronic Banking Environment regarding authentication of customers in online financial transactions. This guidance updates guidance issued in 2001 and states three essential points: 1. Single-factor authentication, as the only control mechanism, is considered inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. 2. The authentication techniques employed by the financial institution should be appropriate to the risks associated with the involved products and services. 3. When risk assessments indicate that the use of single-factor authentication is inadequate, financial institutions should implement multi-factor authentication, layered security, or other controls reasonably calculated to mitigate those risks.
ISSN:1530-499X