[Clips] FDIC: Putting an End to Account-Hijacking Identity Theft Study Supplement

R.A. Hettinga rah at shipwright.com
Wed Oct 19 21:40:54 PDT 2005


--- begin forwarded text


 Delivered-To: clips at philodox.com
 Date: Thu, 20 Oct 2005 00:39:23 -0400
 To: Philodox Clips List <clips at philodox.com>
 From: "R.A. Hettinga" <rah at shipwright.com>
 Subject: [Clips] FDIC: Putting an End to Account-Hijacking Identity Theft
  Study Supplement
 Reply-To: rah at philodox.com
 Sender: clips-bounces at philodox.com

 <http://www.fdic.gov/consumers/consumer/idtheftstudysupp/index.html>


 Putting an End to Account-Hijacking Identity Theft Study Supplement

 Federal Deposit Insurance Corporation
 Division of Supervision and Consumer Protection
 Technology Supervision Branch
 June 17, 2005

 This publication supplements the FDIC's study Putting an End to
 Account-Hijacking Identity Theft published on December 14, 2004.


 Executive Summary and Findings

 Focus of Supplement
  Identity theft in general and account hijacking in particular continue to
 be significant problems for the financial services industry and consumers.
 Recent studies indicate that identity theft is evolving in more complicated
 ways that make it more difficult for consumers to protect themselves.
 Recent studies also indicate that consumers are concerned about online
 security and may be receptive to using two-factor authentication if they
 perceive it as offering improved safety and convenience.

 This Supplement discusses seven additional technologies that were not
 discussed in the Study. These technologies, as well as those considered in
 the Study, have the potential to substantially reduce the level of account
 hijacking (and other forms of identity theft) currently being experienced.

 Findings
  Different financial institutions may choose different solutions, or a
 variety of solutions, based on the complexity of the institution and the
 nature and scope of its activities. The FDIC does not intend to propose one
 solution for all, but the evidence examined here and in the Study indicates
 that more can and should be done to protect the security and
 confidentiality of sensitive customer information in order to prevent
 account hijacking.

 Thus, the FDIC presents the following updated findings:
 1. The information security risk assessment that financial
    institutions are currently required to perform should include an analysis
    to determine (a) whether the institution needs to implement more secure
    customer authentication methods and, if it does, (b) what method or methods
    make most sense in view of the nature of the institution's business and
    customer base.
 2. If an institution offers retail customers remote access to
    Internet banking or any similar product that allows access to sensitive
    customer information, the institution has a responsibility to secure that
    delivery channel. More specifically, the widespread use of user ID and
    password for remote authentication should be supplemented with a reliable
    form of multifactor authentication or other layered security so that the
    security and confidentiality of customer accounts and sensitive customer
    information are adequately protected.



 Last Updated 6/27/2005



 --
 -----------------
 R. A. Hettinga <mailto: rah at ibuc.com>
 The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
 44 Farquhar Street, Boston, MA 02131 USA
 "... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

--- end forwarded text






