In October 2005 the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating that single-factor authentication methodologies may not provide sufficient protection for Internet-based financial services. The FFIEC agencies consider single-factor authentication, when used as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. The guidance describes enhanced authentication methods that regulators expect banks to use when authenticating the identity of customers using online products and services.
In this workshop BankInfoSecurity.com will present the steps an organization needs to take in order to comply with this guidance. This workshop will start with a concise explanation of the Strong Authentication guidance, its applicability to specific systems and processes, the roles and responsibilities of internal staff versus external service providers, and the impact of this guidance on the organization’s online customers. The workshop will build upon this initial background information and present how an organization needs to conduct a risk assessment of its Internet-facing banking systems. This will include systems hosted internally by an organization as well as those provided by third-party service providers.
This workshop will present an overview of the authentication technologies referenced in this guidance and the process an organization can follow to implement solutions that address specific risks facing an Internet-facing system. Other topics addressed will include account origination and customer verification, as well as the role of customer awareness and education.