Vasco critical of FFIEC online security guidance

Source: Vasco

VASCO Data Security International, Inc. (Nasdaq:VDSI), a leading software security company specializing in strong authentication products and services, questions the Federal Financial Institutions Examinations Council (FFIEC) supplementary guidelines to its Internet Banking Environment Guidance issued in 2005.

VASCO believes that the original (2005) guidelines were not strong enough, and resulted in breaches. Due to the vagueness of the 2005 guidelines, many banks chose inexpensive but unsafe security measures including questionnaires about their mother's maiden name and the color of their pets' paws. This "meets minimum approach" has made the U.S. banking sector the target of internationally organized fraud schemes. The 2011 addendum to the FFIEC's recommendation for a more secure Internet banking is, according to VASCO, a step in the right direction, but not nearly good enough.

The much anticipated recommendations do emphasize the importance of periodic risk assessments, layered security and appropriate customer authentication mechanisms as to mitigate risks against increasingly sophisticated fraud schemes. The council advocates more complex authentication mechanisms be put in place to protect retail as well as business customers against account hacking and identity theft. As proven abroad, only the implementation of strong two-factor authentication, including the use of electronic signatures to neutralize man-in-the-middle attacks, is an efficient method to make online banking a safer business channel.

VASCO, as a world leader in authentication, has one of the most complete lines of security products and services for strong user authentication and e-signatures available in the market today, helping financial organizations comply with FFIEC's recommendations. With over 1,700 financial institutions worldwide in its customer base, the company already demonstrated its expertise and experience in securing customer credentials and financial transactions.

VASCO's range of e-signature solutions guarantees transaction security and protects customers against man-in-the-middle attacks. The electronic signature is calculated using unique factors including the components of the specific transaction such as transaction amount and destination, source account information as w well as timer and counter values. An e-signature allows the bank to verify that a transaction was initiated by the genuine end-user; if the transaction is not validated, the signature will be rendered useless. Consequently, the banking server can flag the transaction as possible fraud and act accordingly. The end-user in turn can rest assured that his transaction was not altered in transit.

"Effective security measures are essential to safeguard customers' credentials and protect high-value transactions from being misdirected," says Ken Hunt, Chairman & CEO of VASCO Data Security. "For VASCO, the FFIEC's guidelines are a step in the right direction, but we believe that more is needed. VASCO will take its responsibility as a market leader. We will continue our endeavors to raise security awareness with both end-users and financial organizations. We hope that the FFIEC recommendations will contribute to enhance the security of the US online banking market, raising the overall banking security level to that of comparable industrialized nations."

Comments: (0)