Developing an FFIEC Compliant Strategy
New guidance calls for banks to beef up security for Internet banking by the end of 2006 and has left many banks questioning how they will respond.
The banking industry was thrown into a tizzy when the Federal Financial Institutions Examination Council (FFIEC) issued its guidance on authentication in an Internet banking environment in late 2005. The main source of anxiety was the call for multi-factor authentication in the online banking environment. Given that most banks rely upon usernames and passwords to authenticate their online populations, which is considered single-factor authentication, the banking industry is now forced to re-assess its online banking environment. In a new report, , Celent critiques the guidelines from the FFIEC and the available technologies that can help banks comply.
"Prior to the call for multi-factor authentication few banks deployed it," says Ariana-Michele Moore, author of the report. "Therefore most banks are under pressure to find something that will work by year end. Of course, this is easier said than done."
The overall movement of the banking industry toward two-factor authentication has been at a snail's pace. Celent predicts that many banks will scurry at the last minute to put something in place, and it is quite likely that many will not deploy two-factor authentication by year end 2006.
Choosing an approach to multi-factor authentication is not easy in today's environment. To the bank's advantage, several solutions have existed in the market for years, but many have also failed to gain traction due to their high cost of implementation, inconvenience to customers, and, at times, the overall ridiculousness of their intended application. However, a few solutions are positioned as strong contenders for financial institutions.
Among the leaders are computer analysis solutions and out-of-band authentication. Though others, such as tokens and biometrics, would provide the most robust method of authentication, they are often not practical for today's online customer. Regardless of the method chosen, banks are wise to choose something that is convenient, consumer friendly, flexible, and capable of rebuilding consumer trust. Above all, it is important to remember that fraud is an evolving beast will continue to keep us on our toes for years to come.
A table of contents for the report is available online.