We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

US advisory body calls for more secure internet banking

Threat of phishing means banks must sharpen up their act

Yesterday a multi-agency US federal advisory body, with broad regulatory powers over banks, issued guidelines aimed at improving security in internet-based banking and financial services.

The FFIEC (Federal Financial Institutions Examination Council) updated its guidance for how financial institutions should plan to authenticate customers’ online identities by the end of next year. The FFIEC said authentication of a customer via simple password and ID alone is “inadequate for high-risk transactions involving access to customer information or the movement of funds to other partners”.

The guidelines, entitled Authentication in an Internet Banking Environment, replaces a guidance document issued in 2001, Authentication in an Electronic Banking Environment.”

The Washington-based FFIEC is composed of member agencies that include the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision, along with five representatives from state regulatory agencies.

The FFIEC claims to not endorse any particular technology in its guidance, which simply emphasizes that “the authentication techniques employed by the financial institution should be appropriate to the risks associated with their products and services”.

The FFIEC document does provide basic descriptions of several technologies, including digital certificates, smart cards, one-time passwords, USB plug-ins, and biometric identification methods, among others.

The guidance document, which the FFIEC says it issued due to concerns about phishing, identity theft and online fraud, indicates the FFIEC expects to see stronger authentication methods in place next year.

At the same time, the FFIEC also notes the impact of “catastrophic events”, such as that caused by hurricanes, could affect the ability of some financial institutions to conform to the guidance “within the specified timeframe”. In some instances, affected financial institutions would be afforded an extension if circumstances warrant, the FFIEC said.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Stop running out of cellular data on your iPhone, see which apps use the most data