Source: Digital Insight
Under recently released guidelines from the Federal Financial Institutions Examination Council (FFIEC), banks are required to strengthen customer authentication measures for Internet banking transactions by the end of 2006.
Banks have a variety of options as they comply with this requirement, and in many cases will have to develop security solutions in conjunction with their Internet banking service provider and other third parties.
"Digital Insight is committed to doing our part to provide a secure and convenient online banking platform for our clients and their users, and strong authentication has emerged as one of the most important steps in protecting against Internet-based electronic fraud," says Digital Insight's Scott Mackelprang. In August 2005, Digital Insight announced a new strategic partnership with TriCipher, Inc., a leading innovator of strong authentication technologies, to offer more advanced online banking security using multifactor authentication.
In 2006, Digital Insight will provide its Multifactor Authentication solution to help client financial institutions enhance login security beyond username and password by storing a second factor of identity authentication on each user's PC to help prevent fraudsters from impersonating legitimate users. The robust authentication system will be flexible enough to create different authentication levels that match application, data or user risk by incorporating additional layers of authentication from users in the form of challenge questions and temporary passcodes, downloaded software modules, USB memory tokens, or other methods of identity verification.
At the same time, Mackelprang and Digital Insight do caution banks against focusing too closely on security point solutions at the expense of seeing the full picture. "Complexity is at the core of online banking, with numerous partners and service providers interfacing to bring a seamless, user-friendly experience," adds Mackelprang. "The complexity of these interfaces means there is no single solution. Security is an ongoing, multi-layered process, not a product."
In addition to Multifactor Authentication, Digital Insight recommends addressing security in four key areas: systems, partnerships, operations and architecture. Together these elements create what Digital Insight refers to as a "Deep Defense" that provides prevention, detection, correction and reporting of both potential and actual fraud. Behind each Deep Defense element, layers of federal regulatory compliant technologies can operate at maximum force, helping strengthen an institution's infrastructure and form a foundation for scalable long term security.