Standards, Regulations & Compliance

Complying with the FFIEC Guidance on a Budget

Complying with the FFIEC Guidance on a Budget
The new FFIEC Guidance is clear. And the deadline to have a plan in place is quickly approaching. Financial institutions need to perform periodic risk assessments of customer authentication controls based on threats and subsequently increase levels of controls based on threats. As part of this risk assessment, Financial institutions need to deploy more sophisticated challenge questions as an effective component to their risk management programs.

What is not clear and where many organizations struggle is figuring out exactly where and when to deploy more sophisticated challenge questions and how to do so given budgetary constraints.

This webinar will arm you with the following information:

  • Identify the difference between simple challenge questions and sophisticated out-of-wallet questions;
  • Clarify when and how to effectively use sophisticated out-of-wallet questions;
  • Provide examples of effective usage out-of-wallet questions;
  • Address how to effectively integrate out-of-wallet questions without exceeding your current budget.

See Also: Fireside Chat | Zero Tolerance: Controlling The Landscape Where You'll Meet Your Adversaries


The FFIEC Supplement to Authentication in an Internet Banking Environment focuses on the need to perform more frequent and more effective assessments. Following the assessments, Financial institutions need to implement layered security techniques to strengthen the security of high-risk transactions, and in particular, utilize more sophisticated challenge questions. This has been highlighted as a weakness in existing systems up to now.

This webinar will discuss authentication techniques based on risk of transaction. We'll explore these techniques in relationship to device identification, dynamic out-of-wallet challenge questions, and out of band authentication methods.

We'll specifically delve into the weaknesses of shared secrets and why they are not appropriate for high risk situations. We'll address why the increase of information from social media has limited the effectiveness of this technique. It will clearly become evident why more sophisticated challenge questions are critical to protect your organization and its reputation. The presenters will give concrete examples of effective out-of-wallet questions that are far superior to shared secrets.

The presentation will also address how to practically integrate challenge questions in, when and where appropriate, to provide the best methods of authentication and risk management possible, without exceeding your budget.

Webinar Registration

Premium Members Only

OnDemand access to this webinar is restricted to Premium Members.

Join Now to Access
Have an account? Sign in.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.