The Financial Services Technology Consortium (FSTC) announced today it has concluded phase I of its Better Mutual Authentication (BMA) Project, part of an on-going effort to secure access to customer accounts and combat fraud across the financial services industry.
This critical effort, with twenty eight participants including financial institutions, technology vendors, government agencies and associations resulted in a number of significant deliverables including:
- Identification of relevant use cases, vulnerabilities, and threats
- Updated terminology used to define authentication practices
- Surveyed available technologies and solutions
- Produced “Financial Industry Requirements and Recommendations for BMA”
- Developed tools for evaluating combinations of authentication techniques
- Developed a high level architecture of authentication systems that employ multiple authentication techniques
- Created a roadmap for evolving BMA to meet future needs
"The BMA project team has done an outstanding job in continuing our work towards developing a mutual authentication blueprint that all financial institutions can use to establish better mutual authentication between themselves and their customers, no matter whether they are communicating face-to-face in the branch, on the Internet, at ATMs, through the mail, or via telephone," said Dan Schutzer, Executive Director of FSTC. "The overall goal is to design and deploy a basic framework that can be implemented industry-wide and then tailored to an individual institution’s specific needs or a technology company’s unique product or service. We are well on the way to accomplishing that."
"The challenge for financial institutions and technology vendors to meet the needs of consumers for safer online financial services remains daunting,” observed Chuck Wade, BMA Project Leader. “There is much to be done by the industry if consumers are to be given choices and avoid the burden of having to use multiple authentication technologies to access financial services from various institutions."
FSTC is developing plans for follow-on projects that will build on the foundation built during the first phase, and will reach out to other industry associations to coordinate initiatives in order to gain additional leverage for achieving broad consumer adoption of safer online authentication practices. Already, FSTC has contributed BMA deliverables to ANS X9.49 for use in mutual authentication standards for the financial industry and to W3C’s Workshop on usability and transparency for Web authentication. FSTC is also supporting the Liberty Alliance and OATH in their authentication initiatives.