--- begin forwarded text Delivered-To: clips@philodox.com Date: Thu, 20 Oct 2005 00:39:23 -0400 To: Philodox Clips List <clips@philodox.com> From: "R.A. Hettinga" <rah@shipwright.com> Subject: [Clips] FDIC: Putting an End to Account-Hijacking Identity Theft Study Supplement Reply-To: rah@philodox.com Sender: clips-bounces@philodox.com <http://www.fdic.gov/consumers/consumer/idtheftstudysupp/index.html> ? Home > Consumer Protection > Consumer Resources > Putting an End to Account-Hijacking Identity Theft Study Supplement Putting an End to Account-Hijacking Identity Theft Study Supplement Federal Deposit Insurance Corporation Division of Supervision and Consumer Protection Technology Supervision Branch June 17, 2005 This publication supplements the FDIC's study Putting an End to Account-Hijacking Identity Theft published on December 14, 2004. Printable Version - PDF 105k (PDF Help) Table of Contents Executive Summary and Findings Focus of Supplement Identity theft in general and account hijacking in particular continue to be significant problems for the financial services industry and consumers. Recent studies indicate that identity theft is evolving in more complicated ways that make it more difficult for consumers to protect themselves. Recent studies also indicate that consumers are concerned about online security and may be receptive to using two-factor authentication if they perceive it as offering improved safety and convenience. This Supplement discusses seven additional technologies that were not discussed in the Study. These technologies, as well as those considered in the Study, have the potential to substantially reduce the level of account hijacking (and other forms of identity theft) currently being experienced. Findings Different financial institutions may choose different solutions, or a variety of solutions, based on the complexity of the institution and the nature and scope of its activities. The FDIC does not intend to propose one solution for all, but the evidence examined here and in the Study indicates that more can and should be done to protect the security and confidentiality of sensitive customer information in order to prevent account hijacking. Thus, the FDIC presents the following updated findings: 1 The information security risk assessment that financial institutions are currently required to perform should include an analysis to determine (a) whether the institution needs to implement more secure customer authentication methods and, if it does, (b) what method or methods make most sense in view of the nature of the institution's business and customer base. 2 If an institution offers retail customers remote access to Internet banking or any similar product that allows access to sensitive customer information, the institution has a responsibility to secure that delivery channel. More specifically, the widespread use of user ID and password for remote authentication should be supplemented with a reliable form of multifactor authentication or other layered security so that the security and confidentiality of customer accounts and sensitive customer information are adequately protected. Last Updated 6/27/2005 consumeralerts@fdic.gov Home Contact Us Search Help SiteMap Forms Freedom of Information Act Website Policies FirstGov.gov -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips@philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'