As bank examiners begin applying the updated FFIEC Authentication Guidance, many financial institutions will find that their current security practices do not stand up against the strengthened requirements. Arm yourself with the knowledge you need to begin shoring up your authentication controls before your next bank exam.
Register for this webinar from out-of-band authentication provider PhoneFactor to learn:
Why many of the security measures currently in place are ineffective at protecting against current online banking threats;
The role of out-of-band authentication and transaction verification as security controls;
How First Midwest Bank put the FFIEC's recommendations in place, switching from security tokens to out-of-band transaction verification with great success.
The 2011 supplement to the FFIEC Guidance on Internet Banking Security provides an updated view of best practices for securing online banking based on today's threat landscape. The concepts addressed in the supplement are widely recognized by the financial services industry to be critical to preventing online banking fraud.
Examiners began applying these enhanced expectations in January 2012. These include:
Layered Security: The concept of Layered Security extends security controls beyond the initial session login to include online banking transactions and administrative functions. This is driven by an increase in real-time attacks that target transactions, such as ACH, wire transfer, and payroll payments. A high level of importance has been placed on identifying suspicious transactions. To minimize the impact on customers, this must be coupled with an easy and effective means for customers to approve legitimate transactions. For many, this involves migrating away from OTP tokens, which, the FFIEC points out, have proven to be vulnerable to attack. Instead, financial institutions will need to look to methods like fully out-of-band technologies that can be used to verify logins, transactions, and administrative functions and offer protection from keyloggers and MITM/MITB attacks.
Stronger Authentication Methods: In addition, the updated guidance calls for an overall strengthening of authentication technologies. It notes that out-of-band authentication has taken on a new level of importance given the preponderance of malware running on customer PCs, which can defeat OTP tokens, device identification, challenge questions, and many other forms of strong authentication. In particular, closed loop methods that complete the authentication in an out-of-band channel are seen as offering a greater level of security.
This webinar will present real-world examples, starting with a case study from First Midwest Bank, of how financial institutions can leverage out-of-band transaction verification to meet the strengthened requirements set forth in the updated Guidance before their next bank examination.
Steve Dispensa is CTO & Co-Founder of PhoneFactor. His many accomplishments include designing one of the world's first broadband wireless internet networks for Sprint, as well as being a five-time winner of the Microsoft MVP award.
Steve received his degree from the University of Missouri at Kansas City and holds 12 patents and numerous patents pending. He continues to be an innovative technology leader, educating others on data security by writing and speaking on the topic regularly in the United States and internationally, including RSA (US & Europe), Troopers, and numerous webcasts and podcasts.
VP - Marketing & Product Management, PhoneFactor
Sarah Fender holds the title of Vice President at PhoneFactor and is responsible for market analysis and strategy, advertising, and public relations. Sarah has a proven track record of success with high-growth technology companies. Prior to joining PhoneFactor, she held various executive leadership roles in marketing and operations at LaGarde, whose technology platform powered online operations for thousands of leading B2B and B2C clients.
Sarah graduated with honors from Drury University with a degree in Communications. At PhoneFactor she leads quantitative and qualitative market research efforts on the multi-factor authentication market, regularly presenting results to analysts, in whitepapers, on webcasts, and more.