While the Federal Financial Institutions Examination Council (FFIEC) guidance is clear in its call for more stringent risk management controls of Internet banking customer authentication to be in place by year-end, guidance as to how America's bankers should attain these goals has not been as clear.
Financial software and services provider Information Technology, Inc. (ITI), a business unit of Fiserv, Inc. (Nasdaq:FISV), today introduced a new "toolkit" that can help the financial industry solve this problem.
ITI's Internet Banking Security Toolkit is a unique body of knowledge that assists financial institutions with their compliance and strengthens their risk mitigation practices. This carefully researched collection of sophisticated consulting materials is a first for the industry, using printed documents and electronic media packaged as an executive-level solution. It provides background, an interactive risk assessment survey, an overview of available solutions, and recommended next steps.
"Financial institutions are spending a tremendous amount of time and effort researching multifactor authentication options, trying to determine how best to perform risk assessments and educate their customers," said Jim Sizemore, ITI senior vice president and CIO. "Partnering with clients to leverage our collective technology expertise, particularly in the area of Internet banking, ITI developed a step-by-step approach to dealing with these different risk areas." ITI's consulting staff, including banking executives and auditors, has substantial "real-world" experience in operations risk management, Sizemore added.
Mike Thomson, senior vice president of operations at the Bank of Walnut Creek in Walnut Creek, Calif., appreciates not having to reinvent the wheel. "A lot more questions than answers come to mind when faced with complying with the FFIEC guidance," he said. "Where do we go from here? What would the regulators like to see? Is what we're doing adequate or way too much? This toolkit provides this valued direction, helping us to comply in a much more efficient manner. I highly recommend this to other banks."
The Internet Banking Security Toolkit risk assessment survey asks bankers detailed questions pertaining to topics such as password policies, Internet banking session management, enrollment processes and transaction-specific risk for both retail and commercial customers. The answers to these and other questions are then ranked to help bankers develop a clearer picture of risk mitigation issues they may face. Following executive review, the data collected can be shared with regulators as required.
"The survey also reminded us of features our Premierecom Internet banking software provides that we're not currently using," said Thomson. "It asks the right questions, enabling us to go back and reevaluate how we could utilize those features and get the most from the software."
The toolkit reviews various multifactor authentication offerings, brings to light features in the financial institution's current software that can be used to negate risk and shows how to implement a risk mitigation strategy. In addition, because the FFIEC guidance identifies the need for education on multifactor authentication, ITI provides financial institutions access to both a staff and consumer education program. It includes fully customized instruction and marketing materials to help ensure smooth deployment of this additional layer of security.