The US Office of the Comptroller of the Currency (OCC) is warning financial institutions that the Federal Financial Institute Examination Council's (FFIEC) guidance for online authentication could lead to a new wave of phishing fraud.
In an alert sent out to US banks, the OCC warns that fraudsters may attempt to use the increasing publicity surrounding the FFIEC's year-end compliance deadline to target Web banking customers.
For example, the OCCC says communications purporting to be from a bank could inform customers that, due to the FFIEC guidance, the bank is required to change security procedures and requests that customers re-register or provide personal data.
"It is anticipated that there will be increased activity by fraudsters to send false communications with the intent of obtaining customer data for the purposes of fraud and identity theft," says the regulator in a statement.
Phishers may even use the FFIEC logo and provide a link in order to con customers.
The regulator says banks should inform customers well in advance of the year-end deadline of any changes to Internet or electronic banking applications, or that no changes are expected.
"Customers should be warned of possible fraudulent activity and about the types of information that may be requested," says the OCC, adding that banks should explain also to customers their policy regarding personal data.
Banks should consider introducing a "hot-line" or free phone number that customers can call for verification before responding to a random request for data, says the OCC.