Community
Yesterday the US banking regulator, the Federal Financial Institutions Examination Council (FFIEC), set out its expectations to improve internet banking authentication standards. While the FFIEC calls for, amongst other measures, layered security and more sophisticated one-time cookies where device identification is used, there is notably no mention of strong authentication in their new document.
Strong authentication is already widely implemented in the UK and Scandinavia through the use of tokens and various devices to support card-not-present transactions such as Mastercard's EMV-CAP card readers.
In the past internet banking in the US has generally not made use of strong authentication, which might explain the term's absence in the FFIEC's document, but its use has proven highly effective in other geographies.
Banks recognise that not all customers find using tokens convenient. However, mobile-based tokens or out-of-band verification could be a solution as a practical means of providing strong authentication without the need for users to carry tokens or card readers.
Overall the new guidelines are disappointing. While they do contain some good direction on the use of ‘challenge questions' for example, they focus too much on good practice for security measures used by banks today rather than on measures that might dramatically improve online banking security.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Scott Dawson CEO at DECTA
02 July
Frank Moreno CMO at Entersekt
01 July
Pete McIntyre Financial Services Director at Planixs
Alex Kreger Founder and CEO at UXDA Financial UX Design
30 June
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.