01 August 2014

Security vendors to cash in on FFIEC e-banking authentication guidance

16 December 2011  |  6138 views  |  0 safelock

Over 80% of US banks and credit unions plan to invest in new technologies to help them conform to new FFIEC online banking security guidance, according to a survey from vendor Guardian Analytics.

In June the FFIEC (Federal Financial Institutions Examination Council) updated its advice to banks, setting out what it expects from customer authentication, layered security and other controls in the "increasingly hostile online environment".

The update to 2005 guidance followed a spate of successful cyber attacks on small companies, businesses and retail customer accounts and a succession of legal tussles between banks and their customers over liability issues.

The council - which includes representatives from six agencies - says that with no authentication method fool-proof, banks must implement a layered security programme, using at least two elements.

The results of Guardian Analytics' poll of more than 300 executives at over 100 banks and credit unions suggest that institutions are acting on the new expectations but many will still have to rush to meet the 2012 deadline.

So far, only 57% of institutions have completed their risk assessment and 59% have formulated a plan to fill their online banking security gaps.

The new guidance looks set to be a boon to security vendors, with the majority - 84% - of respondents planning to invest in new technologies to address the enhanced expectations.

However, despite the deadline rapidly approaching, only 43% say they have actually purchased new tech, with 49% intending to in the future. Many are planning their investments for the next six to 12 months, just in time for their 2012 exam.

The survey also reveals confusion over what exactly is expected, with nearly half of those quizzed not fully understanding the minimum expectations. When asked, 41% were unable to identify anomaly detection as an FFIEC minimum expectation for layered security, and 56% could not identify enhanced controls for business banking administrative functions.

Terry Austin , CEO,Guardian Analytics, says: "The FFIEC raised the bar on their expectations for online security, and financial institutions are scrambling to evaluate and invest in preparation for their 2012 exams."

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Related blogs

Create a blog about this story (membership required)

Related stories

15 November, 2011
19 July, 2011
29 June, 2011
08 June, 2011
15 April, 2011
11 September, 2006

Featured job

Basic £150K Variable on target £150K
London based with substantial international travel

Find your next job