Community
Yesterday the US banking regulator, the Federal Financial Institutions Examination Council (FFIEC), set out its expectations to improve internet banking authentication standards. While the FFIEC calls for, amongst other measures, layered security and more sophisticated one-time cookies where device identification is used, there is notably no mention of strong authentication in their new document.
Strong authentication is already widely implemented in the UK and Scandinavia through the use of tokens and various devices to support card-not-present transactions such as Mastercard's EMV-CAP card readers.
In the past internet banking in the US has generally not made use of strong authentication, which might explain the term's absence in the FFIEC's document, but its use has proven highly effective in other geographies.
Banks recognise that not all customers find using tokens convenient. However, mobile-based tokens or out-of-band verification could be a solution as a practical means of providing strong authentication without the need for users to carry tokens or card readers.
Overall the new guidelines are disappointing. While they do contain some good direction on the use of ‘challenge questions' for example, they focus too much on good practice for security measures used by banks today rather than on measures that might dramatically improve online banking security.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Dirk Emminger Managing Director at knowing finance
02 October
Sireesh Patnaik Chief Product and Technology Officer (CPTO) at Pennant Technologies
Jelle Van Schaick Head of Marketing at Intergiro
01 October
Ruchi Rathor Founder at Payomatix Technologies
30 September
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.