slide1

FFIEC Agency Supplement to Authentication in an Internet Banking Environment

http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf

Released: June 2011

slide2

Risk Assessment

  • Review and Update:
    • As new information becomes available
    • Prior to implementing new services
    • At least every 12 months
  • Consider the following:
    • Changes in threat environment
    • Changes in membership base
    • Changes in functionality
    • Actual incidents of breach and fraud
slide3

High-Risk Transactions

  • Defined as:
    • Electronic transactions involving access to member information or the movement of funds to other parties.
    • Not every online transaction poses the same level of risk.
  • Consumer online banking
    • Layered Security
  • Commercial online banking
    • Layered Security AND Multifactor authentication.
slide4

Layered Security

  • Effective Controls include:
    • Fraud detection and monitoring systems
    • Use of dual member authorization
    • Use of out-of-band verification
    • Use of positive pay and debit blocks
    • Enhanced controls over activities
    • Block connection to IP address known for fraud
    • Address member devices identified as compromised
    • Enhanced control over maintenance activities
    • Enhanced member education
slide5

Layered Security Programs

  • Detect and Respond to Suspicious Activity
    • At initial log-in and authentication
    • At initiation of transfer to other parties
  • Controls for Admin functions – Business Accounts
    • Additional authentication routine
slide6

Effectiveness of Techniques

  • Device Identification
    • Simple – i.e. Cookies
    • Sophisticated – i.e. Digital fingerprint
  • Challenge Question
    • Basic Questions
    • Out of Wallet Questions
slide7

Member Awareness and Education

  • Increase awareness and mitigate risk
  • Include business and personal account holders
  • Include:
    • Protections under Regulation E
    • When the CU would contact member for credentials
    • Suggest commercial members perform Risk Assessment
    • Mechanisms to mitigate risk
    • List of CU contacts for members' use