Join the Community

21,754
Expert opinions
43,842
Total members
451
New members (last 30 days)
188
New opinions (last 30 days)
28,612
Total comments

Strong authentication absent in new FFIEC guidelines

3 comments

Yesterday the US banking regulator, the Federal Financial Institutions Examination Council (FFIEC), set out its expectations to improve internet banking authentication standards. While the FFIEC calls for, amongst other measures, layered security and more sophisticated one-time cookies where device identification is used, there is notably no mention of strong authentication in their new document.

 

Strong authentication is already widely implemented in the UK and Scandinavia through the use of tokens and various devices to support card-not-present transactions such as Mastercard's EMV-CAP card readers.

 

In the past internet banking in the US has generally not made use of strong authentication, which might explain the term's absence in the FFIEC's document, but its use has proven highly effective in other geographies.

 

Banks recognise that not all customers find using tokens convenient. However, mobile-based tokens or out-of-band verification could be a solution as a practical means of providing strong authentication without the need for users to carry tokens or card readers.

 

Overall the new guidelines are disappointing. While they do contain some good direction on the use of ‘challenge questions' for example, they focus too much on good practice for security measures used by banks today rather than on measures that might dramatically improve online banking security.

 

 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

21,754
Expert opinions
43,842
Total members
451
New members (last 30 days)
188
New opinions (last 30 days)
28,612
Total comments

Trending

Dirk Emminger

Dirk Emminger Managing Director at knowing finance

Competition and Cooperation: In an AI-Dominated World (A2)

Sireesh Patnaik

Sireesh Patnaik Chief Product and Technology Officer (CPTO) at Pennant Technologies

Empowering the Lending Industry: How Low-Code, No-Code, Pro-Code Platforms are Driving Innovation

Now Hiring