SecurityProNews.com | Breaking eBusiness News
Feds Want Tougher Online Bank Authentication


John Stith | Staff Writer
2005-10-18



The federal government toughened online authentication requirements with a new set of rules intended to make things harder for online criminals. The feds want something more than the current system, which, in most cases, is just usernames and passwords.

The Federal Financial Institutions Examination Council (FFIEC) last Wednesday released updated guidance on the risks and risk management controls necessary for authentication of customers accessing Internet-based financial services.

Their guidance, "Authentication in an Internet Banking Environment," was issued to address the legal and technological changes that have occurred in the last few years regarding consumer information, greater levels of identity theft and fraud and, more importantly, improved authentication technologies.

Right now, risk is high for online banking and any other financial transactions conducted online. Most of the time, banks require a username and a password and nothing more. It's certainly simple, but it's not terribly secure. The FFIEC is looking for something a little stronger than the basic password system.

They emphasize a strong plan all the way down the line. First, research must be conducted in the form of a risk assessment. The risk assessment process should:

· Identify all transactions and levels of access associated with Internet-based customer products and services;

· Identify and assess risk mitigation techniques, including authentication methodologies, employed for each transaction type and level of access; and

· Include the ability to gauge the effectiveness of risk mitigation techniques for current and changing risk factors for each transaction type and level of access.

Note the last point in particular. There must be a way to measure the results for them to be valid. Once the risk assessment is completed, set a measurable goal and stick to it.

There are a variety of methods for authentication and identity protection. While the banks have run some delightful commercials on identity theft, these ads don't get them off the hook. While the password is a simple way to handle security, there should be much more to protecting online financial responsibilities.

The guideline mentions three basic existing methodologies of security: something the user knows, like a PIN number; something the user has, like an ATM card; and something the user is, utilizing a fingerprint or some other biometric characteristic.

They list a variety of possible security measures. The real issue remains that the banks must comply with these measures. The banks asked the government not to get involved, but the banks haven't really made a concerted effort to solve some of these security problems, and why should they? Everything in their institutions is insured by the feds themselves.

Despite numerous cases of identity theft through various methods, as well as clumsy, inane mistakes on the part of these institutions in securing their own records and documents, the financial institutions still appear to be taking this problem too lightly. Unless the federal government puts some teeth into this guidance system, the banks may be reluctant to do much of anything that could upset their balance.




About the Author:
John is a recent PR grad with a big interest in international security.
