FFIEC Guidance for Online Banking
As attacks targeting e-banking applications grow more sophisticated and more frequent, strengthening financial institutions’ defenses is becoming increasingly important. In response to this changing environment, on June 28, 2011, the Federal Financial Institutions Examination Council (FFIEC) released revised security guidelines for online banking authentication.
How do you respond to these new guidelines in a way that will work best for your organization? To meet their budget and profit objectives, address risk management and compliance requirements, and provide superior consumer service, it is vital for financial institutions to ensure compliance with FFIEC security guidelines and provide optimal security. To do so, they must employ a number of key principles and best practices in order to secure online consumer identities, transactions, and data. These are:
- Implement a layered approach to security for high-risk, Internet-based systems, including detection of and response to suspicious activities for both login and electronic transactions.
- Offer business/commercial banking customers multi-factor authentication.
- Bring transactional layered security to consumer banking.
- Institute "out of wallet" or out-of-band authentication methods for high-risk transactions.
- Review and update existing risk assessments at least every twelve months.
- Improve customer education and awareness.