Voice and Wireless Communications Present Unique Security Challenges, Regulators Say

Voice and Wireless Communications Present Unique Security Challenges, Regulators Say
Banking via telephone and wireless mobile devices has become an important delivery channel for financial institutions. As with Internet banking, telephones and wireless devices afford great convenience for bank customers, but unfortunately they too are prone to phishing and other forms of attack.

The Federal Financial Institutions Examination Council has made clear that banks need to safeguard all customer channels against fraud. Understanding the risks and the steps to mitigate them can go a long way to securing not only a bank's information, but its reputation as well.

Although the deadline for FFIEC compliance has passed, many banks have yet to implement some of the authentication safeguards, such as multifactor and mutual authentication. Those that are considered to have a leg up against their completion.

Desert Schools Federal Credit Union in Arizona moved aggressively to upgrade its security in order to meet the compliance deadline and is glad it did. "It gives our members more comfort that we're secure and deterring any fraud opportunities," says Desert Schools CIO Ron Amstutz. Desert Schools in 2006 installed authentication and fraud detection software for online banking, to be used at both login and in session. It has also tested some biometric products internally.

Even as many banks contemplate how to comply with the FFIEC's online banking guidance, they're being challenged to protect their voice and wireless channels as well. "Phase one in 2006 was about installing fraud detection and multifactor authentication for online banking," says Jon Fisher, CEO of a leading security software manufacturer. "Phase two, in 2007, will be about securing call centers and mobile devices."

This is especially true for high-risk transactions like wire transfers, where the threat of account hijacking demands maximum security for the online and voice channels.

Somerset Trust in Pennsylvania is implementing voice verification technology to secure wire transfers, and envisions using it across all banking services requiring multi-factor authentication, including its call center, telephone, online and bill pay services. The technology offers a natural way to verify a person’s identity, and will help the bank comply with the FFIEC guidance.

The bank is streamlining wire transfer "with a process our customers will use and feel confident about,” says Richard Stern, VP and treasurer of Somerset Trust. “We are intrigued by the possibility of voice being the only method of authentication needed - a single user credential that can be used for every aspect of the customer relationship.”


About the Author

Andrew Miller

Andrew Miller is a freelance writer specializing in financial services and information technology. He holds an MBA from Columbia University and a Master's in computer science from Rensselaer Polytechnic Institute. He has held jobs at CMP Media, MetLife, and Gartner.




Around the Network