Hey FFIEC, Is This Really Guidance?

Create a vendor selection project & run comparison reports
Click to express your interest in this report
Indication of coverage against your requirements
A subscription is required to activate this feature. Contact us for more info.
Celent have reviewed this profile and believe it to be accurate.
5 July 2011


  • So beyond multi-factor authentication at login, what type of solutions do you think should have been proposed in the Supplement?

    Challenge-response questions, tokens, certificates, etc. are all old news in the online security world. I'm curious how you think banks can go beyond the security-guard-at-the-door mentality and bring some real innovation to combat these increasingly sophisticated and savvy hackers.


  • Definitely nothing to do with authentication. There is no silver bullet right now. It's either the security guard at the door or a real hassle for consumers.

    My recommendation for one of the layers is a forensics solution, one that tracks behaviour and looks for patterns. It's a must have for banks of all sizes and is transparent to the end-user. Couple this with improved and mandatory customer training and education and you have a win-win piece of the solution.

    The devil is in the details.