Identity Verification

By Ware, Viveca | Independent Banker, November 2006 | Go to article overview

Identity Verification


Ware, Viveca, Independent Banker


Complying with authentication guidance mandates

Financial institutions of all sizes and charter types have roughly 60 days to comply with the guidance governing authentication requirements for Internet-based financial services. The October 2005 guidance, "Authentication in an Internet Banking Environment," was a surprise to many given the absence of a formal industry comment period.

Initially, the Federal Financial Institutions Examination Council (FFIEC) guidance was portrayed as mandating two-factor authentication. In fact, it does not specifically require banks to institute two-factor or multi-factor authenticat ion, nor does it prescribe a particular technology, but rather focuses on risk management.

The guidance does require banks to perform a risk-based assessment of security measures consumer and commercial customers use to access Internet banking and electronic banking applications, including telephone banking systems and call centers. It does not apply to debit or credit cards.

In addition to performing a risk assessment, banks must employ technologies (other than singlefactor authentication) to further protect high-risk transactions involving access to customer information or the movement of funds to other parties. Acceptable technologies include multi-factor authentication, layered security or other controls.

A number of factors, including the availability and customer acceptance of Internet/electronic banking applications; growing concerns regarding online banking transaction security given the rise in data breaches, phishing, pharming and malware; and technological advances propelled the FFIEC's decision to issue the guidance. "The regulators expect financial institutions to 'step it up a notch' in terms of online security," according to Michael L. Jackson, associate director of the FDIC's division of supervision and consumer protection, technology supervision branch. "Moreover, providing a safe online banking channel is consistent with banks' traditional role as trusted intermediaries and stewards of customers' financial information and assets."

Risk Assessments

The risk assessment process cannot be circumvented even if banks and their customers have not experienced fraud or identity theft involving Internet or electronic banking systems. And banks cannot forgo the risk assessment process and proceed to implement multi-factor authentication, layered security or other controls.

Fortunately or unfortunately, there is no template for the required risk assessments. The risk assessment should consider the risks of phishing, pharming, malware, reputation risk, customer harm, transaction risk and any other identified threats. The "Small Entity Compliance Guide for the Interagency Guidelines Establishing Information Security Standards" and the "FFIEC IT Exa mination Handbook, Information Security Booklet" contains general information on risk assessments. The risk assessment process, findings and remediation solutions should be documented.

Banks cannot outsource risk management responsibilities. Client banks of third-party solution providers are still responsible for ensuring that their vendor's process is documented and accurate, and that the solutions are appropriate for the bank and its customers.

Risk assessments must be updated any time there are changes in technology or information systems, the sensitivity of customer information, threats, or business arrangements. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Identity Verification
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Author Advanced search

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.