FFIEC Releases Supplement to Authentication in an Internet Banking Environment
On June 29, 2011, the Federal Financial Institutions Examination Council (FFIEC) agencies, which includes the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision, issued supplemental guidance (Supplement) to their 2005 Authentication in an Internet Banking Environment guidance. The revised guidance found in the Supplement must be implemented by all financial institutions no later than January 1, 2012. The Supplement states that financial institutions should perform periodic risk assessments and adjust their customer authentication controls appropriately as new risks are identified. Risk assessments should be updated prior to implementing any new electronic financial services, or, at a minimum, once every twelve months.
The Supplement states that financial institutions should no longer consider simple challenge questions as an effective authentication control due to information that may be available on the Internet and social media sites. Financial institutions should instead utilize sophisticated or out-of-wallet questions that require answers not readily available online.
To view the Supplement in its entirety, please click here.
If you have questions on the impact of the Supplement or wish to speak with someone about enhancing your financial institution s online banking security, please contact the experts listed below at (800) 270-9629.
To receive banking updates from PYA on Twitter, click here.
WE ARE REQUIRED BY IRS CIRCULAR 230 TO INFORM YOU THAT THE FOLLOWING DISCUSSION WAS NOT INTENDED OR WRITTEN TO BE USED, AND IT CANNOT BE USED, NOR RELIED UPON, BY ANY TAXPAYER FOR THE PURPOSE OF AVOIDING ANY PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW. THE ADVICE WAS WRITTEN TO SUPPORT THE PROMOTION OR MARKETING OF THE TRANSACTIONS OR MATTERS ADDRESSED IN THE DISCUSSION. EACH TAXPAYER SHOULD SEEK ADVICE BASED ON ITS PARTICULAR CIRCUMSTANCES FROM AN INDEPENDENT TAX ADVISOR.