Too many banks and credit unions are being narrow-minded in their approaches to FFIEC Authentication Guidance conformance, by focusing on commercial accounts and neglecting retail accounts, one ACH fraud attorney says.
Many organizations are still using personal information, such as mother's maiden name and date of birth, to verify user identities. However, personal data is everywhere - in search engines and on social networking and other third-party sites - making the use of these static data elements a less secure measure for...
The FFIEC Authentication Guidance update has been in circulation since mid-2011. But as banking examiners begin testing for conformance, we find:
Only 11% of surveyed institutions have come into conformance since the guidance was issued;
Nearly 30% don't fully understand the guidance;
88% do not believe the...