Agencies

Anti-Money Laundering

Business Continuity & Disaster Recovery

Compliance

Emerging Technology

Governance and Standards

Identity Theft

Leadership Management

Physical Security

Risk Management

Training & Education

Webinar Calendar

Vendor Directory

Content Library

Products

Events

About Us

Resources

Customer Authentication and Internet Banking Alert

STRONG AuthenticationOffice of the Comptroller of the Currency (OCC)Information Security
Risk Management

In October 2005, the FFIEC agencies (agencies) issued guidance entitled Authentication in an Internet Banking Environment (guidance) . The guidance focuses on the risks of fraud and identity theft associated with Internet banking activities. The guidance states that financial institutions should perform a risk assessment, identify and strengthen control weaknesses, measure and evaluate customer awareness efforts, and implement any necessary corrective actions. National banks are expected to have achieved conformance with the guidance by year-end 2006.

It is anticipated that there will be increased activity by fraudsters to send false communications with the intent of obtaining customer information for the purposes of fraud and identity theft. These communications may attempt to exploit the December 31, 2006, conformance date. For example, communications purporting to be from a national bank could inform customers that, due to the FFIEC guidance, the bank is required to change its security procedures and, as a result, request customers to re-register or provide personal information that would enable the bank to comply with the regulatory requirement.

> Read entire regulation (log in required - registration is free)