AUTHENTICATION IN AN INTERNET ENVIRONMENT Dominick E. Nigro NCUA Information Systems Officer.


1 AUTHENTICATION IN AN INTERNET ENVIRONMENT Dominick E. Nigro NCUA Information Systems Officer

2 Reason For Guidance  Changes to Privacy and Security Regulations  Increased Incidents of Identity Theft/Fraud  Authentication Methods Contribute to Identity Theft/Fraud  Authentication Technology Advances

3 Why Effective Authentication?  Safeguard Member Information  Reduce Fraud/Identity Theft  Prevent Money Laundering and Terrorist Financing  Promote Legal Enforceability of Electronic Agreements and Transactions  Reduce Risk of Business with Unauthorized Individuals

4 What does NCUA expect?  Assess the Authentication Risks associated with Internet Based Services  Assess effectiveness of Authentication Methodology  Implement/Review program to Monitor Systems  Determine reporting policies/procedures in place if Unauthorized Access occurs  Evaluate Member Awareness Program

5 Authentication Risk Assessment  Identify all Access and Transactions associated with Internet-based products and services  Determine if Internet Based Services provide High Risk Transactions  Identify Authentication Methods used for Internet Based Services  Determine effectiveness of Authentication Methods for High Risk Transactions

6 Member Account Authentication  If Risk Assessment identifies inadequate Authentication for High Risk Transactions  Multifactor Authentication  Layered Security  Other Controls

7 Authentication Methods  Multifactor Authentication  Something the user knows (PIN/password)  Something the user has (smart card/token)  Something a user is (biometrics, fingerprint)

8 Authentication Methods  Layered Security – Multiple controls and multiple control points  Other Controls – Technology and controls that are emerging or that may be introduced in the future

9 Monitoring Systems  Detection of Unauthorized Access  Implement Audit procedures which  Assist in detection of fraud  Money laundering  Compromised passwords  Other unauthorized activities

10 Reporting Requirements  Unauthorized Access Requires Notifying  Management  NCUA Regional Director  Appropriate Law Enforcement  Filing Suspicious Activity Report  Member Notification  Appendix B of Part 748 of NCUA RR

11 Member Awareness Programs  Key to reduce Fraud and Identity Theft  Implement/Revise Member Awareness Program  Evaluate Education efforts  Identify additional efforts

12 Conclusion  Assess Risk of Internet-based products and services  Establish effective Authentication methods  Monitor systems for Unauthorized Access  Report Unauthorized Access  Notify Members of Unauthorized Access, if warranted  Educate members  Complete process by Year-end 2006

