We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

US advisory body calls for more secure internet banking

Threat of phishing means banks must sharpen up their act

Yesterday a multi-agency US federal advisory body, with broad regulatory powers over banks, issued guidelines aimed at improving security in internet-based banking and financial services.

The FFIEC (Federal Financial Institutions Examination Council) updated its guidance for how financial institutions should plan to authenticate customers’ online identities by the end of next year. The FFIEC said authentication of a customer via simple password and ID alone is “inadequate for high-risk transactions involving access to customer information or the movement of funds to other partners”.

The guidelines, entitled Authentication in an Internet Banking Environment, replaces a guidance document issued in 2001, Authentication in an Electronic Banking Environment.”

The Washington-based FFIEC is composed of member agencies that include the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision, along with five representatives from state regulatory agencies.

The FFIEC claims to not endorse any particular technology in its guidance, which simply emphasizes that “the authentication techniques employed by the financial institution should be appropriate to the risks associated with their products and services”.

The FFIEC document does provide basic descriptions of several technologies, including digital certificates, smart cards, one-time passwords, USB plug-ins, and biometric identification methods, among others.

The guidance document, which the FFIEC says it issued due to concerns about phishing, identity theft and online fraud, indicates the FFIEC expects to see stronger authentication methods in place next year.

At the same time, the FFIEC also notes the impact of “catastrophic events”, such as that caused by hurricanes, could affect the ability of some financial institutions to conform to the guidance “within the specified timeframe”. In some instances, affected financial institutions would be afforded an extension if circumstances warrant, the FFIEC said.

IDG UK Sites

Android M Developer Preview announced at Google I/O: Android M UK release date and new features. Wh?......

IDG UK Sites

Why I think the Apple Watch sucks and you'd be mad to buy it

IDG UK Sites

Ben & Holly's Game of Thrones titles spoof is delightfully silly

IDG UK Sites

Mac OS X 10.11 release date rumours: all the new features expected in Yosemite successor