Bank of America, a pioneer in mobile banking, says mobile is hot, but it also opens financial institutions to unknown risks. What proactive steps should banks and credit unions take to ensure they're ready?
Banks and credit unions are feverishly working to meet the FFIEC's authentication compliance deadline next year. But experts say institutions should be looking beyond the guidance, by making investments in cross-channel fraud detection.
Roger Baker, CIO at the VA, says desktop computers will eventually phase out, as mobile devices become predominant channels for communication and work. That evolution has made plans for ongoing mobile security a priority for organizations that cross every business sector.
"Organizations are putting in layers of security and tools to safeguard information and assets, however, the fraudsters are attacking our weakest link, the consumer," says Anthony Vitale of Patelco Credit Union.
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
Account takeovers are up, but losses are down. Doug Johnson of the ABA says that's because banks and their customers are catching and blocking suspect ACH transactions before they drains corporate accounts.
Anomaly detection and behavioral monitoring are minimum requirements or mitigating online risks, and the newly-issued supplement to the FFIEC Authentication Guidance highlights why banks and credit unions should be doing more, says Terry Austin of Guardian Analytics.
The FFIEC's updated online authentication guidance urges banks and credit unions to do better jobs of authenticating and identifying devices, areas that aren't bolstering the kind of security they could, says security expert Ori Eisen.