Online bank security is set to emerge as a hot industry topic over the coming months and years, with the White House set to release plans for a national digital identity strategy, Federal agencies sitting on new proposals for strengthening bank-to-customer authentication, and the emergence of new online channels and technologies such as social media and cloud computing.
The Obama administration's National Strategy on Trusted Identities in Cyberspace (NSTIC) is expected to release proposals for a federated 'ID ecosystem' this afternoon, following a year of intense consultation and collaboration with public and private sector stakeholders.
The NSTIC intends to set out a strategy that improves upon the passwords currently used to log-in online by encouraging the creation of a digital ID marketplace where users can shop among multiple identity providers.
At the same time, the US banking industry is awaiting fresh guidance from the Federal Financial Institutions Examination Council (FFIEC) on the application of authentication techniques to protect customers from online criminals. This follows a spate of successful cyber attacks on small companies, businesses and retail customer accounts and a succession of legal tussles between banks and their customers over liability issues.
In mid-December, the FFIEC circulated a 10-page draft update to its initial two-factor authentication mandate that was first issued in 2005. The draft update was inadvertently leaked on the Web and contains proposals for improving risk assessment, the introduction of multi-factor authentication and layered security controls capable of monitoring and capturing suspicious account activity.
Regulatory imperatives notwithstanding, the emergence of new consumer channels and the adoption of cloud computing techniques is also expected to create a fresh wave of security challenges for the global banking industry.
Michael Versace, research director, IDC Financial Insights, comments: "IT must plan for ways to effectively extend and support identity and access management policies and infrastructures beyond the data centre and stay in step with the emerging trends driven by the increase in sophistication and numbers of identities in the cloud."
The importance placed on cloud computing by financial institutions was emphasised yesterday in a newly-published report by US investment bank State Street, which forecast rapid take-up by the industry. According to the report, the adoption of cloud computing will bring immeasurable benefits not only within the bank, but also externally to investors through greater automation and capacity on demand, and accelerated time to market of innovative new products - including custom analytics and data.
"Cloud is a new frontier for identity management, and business managers, regulators, and CIOs alike have a lot to consider as identity continues to move beyond the enterprise," says IDC's Versace. "New approaches, practices, and technologies - which today include long lists of siloed identities, passwords, tokens, and other techniques with little interoperability - need to be considered as business users demand more cost effective solutions and customers look to simplify their lives online. In addition, as identity management is a service in and of itself, organisations will look for ways to broker these services in a risk aware, trusted, and reliable way across financial services and with business partners."