Presentation is loading. Please wait.

Presentation is loading. Please wait.

FFIEC Agency Supplement to Authentication in an Internet Banking Environment http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf.

Similar presentations


Presentation on theme: "FFIEC Agency Supplement to Authentication in an Internet Banking Environment http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf."— Presentation transcript:

1 FFIEC Agency Supplement to Authentication in an Internet Banking Environment
Released: June 2011

2 Risk Assessment Review and Update:
As new information becomes available Prior to implementing new services At least every 12 months Consider the following: Changes in threat environment Changes in membership base Changes in functionality Actual incidents of breach and fraud

3 High-Risk Transactions
Defined as: Electronic transactions involving access to member information or the movement of funds to other parties. Not every online transaction poses the same level of risk. Consumer online banking Layered Security Commercial online banking Layered Security AND Multifactor authentication.

4 Layered Security Effective Controls include:
Fraud detection and monitoring systems Use of dual member authorization Use of out-of-band verification Use of positive pay and debit blocks Enhanced controls over activities Block connection to IP address known for fraud Address member devices identified as compromised Enhanced control over maintenance activities Enhanced member education

5 Layered Security Programs
Detect and Respond to Suspicious Activity At initial log-in and authentication At initiation of transfer to other parties Controls for Admin functions-Business Accounts Additional authentication routine

6 Effectiveness of Techniques
Device Identification Simple – i.e. Cookies Sophisticated – i.e. Digital fingerprint Challenge Question Basic Questions Out of Wallet Questions

7 Member Awareness and Education
Increase awareness and mitigate risk Include business and personal account holders Include: Protections under Regulation E When the CU would contact member for credentials Suggest commercial members perform Risk Assessment Mechanisms to mitigate risk List of CU contacts for members use


Download ppt "FFIEC Agency Supplement to Authentication in an Internet Banking Environment http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf."

Similar presentations


Ads by Google