Corporate account takeover events are reigniting the debate between banks and their former commercial customers, about everything from fraud liability and the "good faith" standard to commercially reasonable security.
With the issuance of the final FFIEC Authentication Guidance, institutions need to start moving forward on conformance, and taking a risk-focused approach is the first step, says Matthew Speare, SVP of IT for M&T Bank Corp.
On June 28, the FFIEC released its final, formal version of its Authentication Guidance. Not even one month later, we've created three new training programs to help banking institutions understand and conform with the guidance.
In a merger, it's important for both organizations to have strong communication and data protection processes in place, says Phil Romero, senior security architect of First Technology Federal Credit Union. His institution just led a $4.75 billion merger.
It's not enough for banking institutions to conform to the FFIEC Authentication Guidance update. They also must ensure that their key vendors meet the same standards, says Philip Alexander of Wells Fargo Bank.
Former banking regulator William Henley has simple advice for banking institutions wondering how to comply with the new FFIEC authentication guidance update: "Start immediately, develop a plan, and document your progress."
The new FFIEC online authentication guidance update is a good "cookbook" for financial institutions to apply layered security, says Avivah Litan of Gartner.
Now that the FFIEC Authentication Guidance update has been issued, there is no more important task for banking institutions than to conduct their risk assessments, says Matthew Speare of M&T Bank Corp.
Doug Johnson of the American Bankers Association says banking institutions should spend the next five months focusing on their risk assessments, as they work to meet the FFIEC's new authentication guidance update.
First-party fraud includes more than bad payments, and banking institutions should expand how they internally classify and track first-party fraud, even if regulatory definitions are limited in scope.
Emerging technology is often touted for enhancing security. But if not properly deployed and integrated, these technologies can hinder rather than improve security.
Jeff Kopchik of the FDIC says too much emphasis on what's "missing" from the FFIEC's new guidance detracts from regulators' intent: providing financial institutions with a guideline for securing online transactions.
For all the latest news and views, please visit the FFIEC Authentication Guidance Resource Center.
Gartner's Avivah Litan says regulators have done a nice job of emphasizing why and how banks and credit unions need to implement layered security that adequately addresses online risks. But the guidance falls short...
"The FFIEC guidance does a good job of addressing today's and yesterday's threats and suggested techniques, but it is not sufficiently forward-looking," says Gartner's Avivah Litan. "Two years from now, the guidance will be sorely out of date."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.