Presentation is loading. Please wait.

Presentation is loading. Please wait.

11%20(FFIEC%20Formated).pdf FFIEC Agency Supplement to Authentication in an Internet Banking Environment.

Similar presentations


Presentation on theme: "11%20(FFIEC%20Formated).pdf FFIEC Agency Supplement to Authentication in an Internet Banking Environment."— Presentation transcript:

1 http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22- 11%20(FFIEC%20Formated).pdf FFIEC Agency Supplement to Authentication in an Internet Banking Environment Released: June 2011

2 Review and Update: As new information becomes available Prior to implementing new services At least every 12 months Consider the following: Changes in threat environment Changes in membership base Changes in functionality Actual incidents of breach and fraud Risk Assessment

3 Defined as: Electronic transactions involving access to member information or the movement of funds to other parties. Not every online transaction poses the same level of risk. Consumer online banking Layered Security Commercial online banking Layered Security AND Multifactor authentication. High-Risk Transactions

4 Effective Controls include: Fraud detection and monitoring systems Use of dual member authorization Use of out-of-band verification Use of positive pay and debit blocks Enhanced controls over activities Block connection to IP address known for fraud Address member devices identified as compromised Enhanced control over maintenance activities Enhanced member education Layered Security

5 Detect and Respond to Suspicious Activity At initial log-in and authentication At initiation of transfer to other parties Controls for Admin functions-Business Accounts Additional authentication routine Layered Security Programs

6 Device Identification Simple – i.e. Cookies Sophisticated – i.e. Digital fingerprint Challenge Question Basic Questions Out of Wallet Questions Effectiveness of Techniques

7 Increase awareness and mitigate risk Include business and personal account holders Include: Protections under Regulation E When the CU would contact member for credentials Suggest commercial members perform Risk Assessment Mechanisms to mitigate risk List of CU contacts for members use Member Awareness and Education


Download ppt "11%20(FFIEC%20Formated).pdf FFIEC Agency Supplement to Authentication in an Internet Banking Environment."

Similar presentations


Ads by Google