Identity Verification

By Ware, Viveca | Independent Banker, November 2006 | Go to article overview

Identity Verification


Ware, Viveca, Independent Banker


Complying with authentication guidance mandates

Financial institutions of all sizes and charter types have roughly 60 days to comply with the guidance governing authentication requirements for Internet-based financial services. The October 2005 guidance, "Authentication in an Internet Banking Environment," was a surprise to many given the absence of a formal industry comment period.

Initially, the Federal Financial Institutions Examination Council (FFIEC) guidance was portrayed as mandating two-factor authentication. In fact, it does not specifically require banks to institute two-factor or multi-factor authenticat ion, nor does it prescribe a particular technology, but rather focuses on risk management.

The guidance does require banks to perform a risk-based assessment of security measures consumer and commercial customers use to access Internet banking and electronic banking applications, including telephone banking systems and call centers. It does not apply to debit or credit cards.

In addition to performing a risk assessment, banks must employ technologies (other than singlefactor authentication) to further protect high-risk transactions involving access to customer information or the movement of funds to other parties. Acceptable technologies include multi-factor authentication, layered security or other controls.

A number of factors, including the availability and customer acceptance of Internet/electronic banking applications; growing concerns regarding online banking transaction security given the rise in data breaches, phishing, pharming and malware; and technological advances propelled the FFIEC's decision to issue the guidance. "The regulators expect financial institutions to 'step it up a notch' in terms of online security," according to Michael L. Jackson, associate director of the FDIC's division of supervision and consumer protection, technology supervision branch. "Moreover, providing a safe online banking channel is consistent with banks' traditional role as trusted intermediaries and stewards of customers' financial information and assets."

Risk Assessments

The risk assessment process cannot be circumvented even if banks and their customers have not experienced fraud or identity theft involving Internet or electronic banking systems. And banks cannot forgo the risk assessment process and proceed to implement multi-factor authentication, layered security or other controls.

Fortunately or unfortunately, there is no template for the required risk assessments. The risk assessment should consider the risks of phishing, pharming, malware, reputation risk, customer harm, transaction risk and any other identified threats. The "Small Entity Compliance Guide for the Interagency Guidelines Establishing Information Security Standards" and the "FFIEC IT Exa mination Handbook, Information Security Booklet" contains general information on risk assessments. The risk assessment process, findings and remediation solutions should be documented.

Banks cannot outsource risk management responsibilities. Client banks of third-party solution providers are still responsible for ensuring that their vendor's process is documented and accurate, and that the solutions are appropriate for the bank and its customers.

Risk assessments must be updated any time there are changes in technology or information systems, the sensitivity of customer information, threats, or business arrangements.

The rest of this article is only available to active members of Questia

Sign up now for a free, 1-day trial and receive full access to:

  • Questia's entire collection
  • Automatic bibliography creation
  • More helpful research tools like notes, citations, and highlights
  • Ad-free environment

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Identity Verification
Settings

Settings

Typeface
Text size Smaller Larger
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Full screen

matching results for page

Cited passage

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited passage

Welcome to the new Questia Reader

The Questia Reader has been updated to provide you with an even better online reading experience.  It is now 100% Responsive, which means you can read our books and articles on any sized device you wish.  All of your favorite tools like notes, highlights, and citations are still here, but the way you select text has been updated to be easier to use, especially on touchscreen devices.  Here's how:

1. Click or tap the first word you want to select.
2. Click or tap the last word you want to select.

OK, got it!

Thanks for trying Questia!

Please continue trying out our research tools, but please note, full functionality is available only to our active members.

Your work will be lost once you leave this Web page.

For full access in an ad-free environment, sign up now for a FREE, 1-day trial.

Already a member? Log in now.