FFIEC Releases Supplement to Authentication in an Internet Banking Environment

FFIEC Releases Supplement to Authentication in an Internet Banking Environment

On June 29, 2011, the Federal Financial Institutions Examination Council (FFIEC) agencies, which includes the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision, issued supplemental guidance (Supplement) to their 2005 Authentication in an Internet Banking Environment guidance. The revised guidance found in the Supplement must be implemented by all financial institutions no later than January 1, 2012. The Supplement states that financial institutions should perform periodic risk assessments and adjust their customer authentication controls appropriately as new risks are identified. Risk assessments should be updated prior to implementing any new electronic financial services, or, at a minimum, once every twelve months.

The Supplement states that financial institutions should no longer consider simple challenge questions as an effective authentication control due to information that may be available on the Internet and social media sites. Financial institutions should instead utilize sophisticated or out-of-wallet questions that require answers not readily available online.

To view the Supplement in its entirety, please click here.

If you have questions on the impact of the Supplement or wish to speak with someone about enhancing your financial institution s online banking security, please contact the experts listed below at (800) 270-9629.

To receive banking updates from PYA on Twitter, click here.

WE ARE REQUIRED BY IRS CIRCULAR 230 TO INFORM YOU THAT THE FOLLOWING DISCUSSION WAS NOT INTENDED OR WRITTEN TO BE USED, AND IT CANNOT BE USED, NOR RELIED UPON, BY ANY TAXPAYER FOR THE PURPOSE OF AVOIDING ANY PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW. THE ADVICE WAS WRITTEN TO SUPPORT THE PROMOTION OR MARKETING OF THE TRANSACTIONS OR MATTERS ADDRESSED IN THE DISCUSSION. EACH TAXPAYER SHOULD SEEK ADVICE BASED ON ITS PARTICULAR CIRCUMSTANCES FROM AN INDEPENDENT TAX ADVISOR.


Mike Shamblin

Mike Shamblin

Managing Principal of Audit & Assurance Services

Matt Neilson

Matt Neilson

Principal

Share This Insight

If you received value from this article, please share it with your network (e.g., Facebook, Twitter, LinkedIn). Icons below for your convenience.

Stay Current

* indicates required
Monthly eNewsletters
See more newsletter and alert options.

PYA Population Health Ascend

PYA Healthcare Blog

PYA Thought Leadership Services

The Healthcare Loop