[Clips] FDIC: Putting an End to Account-Hijacking Identity Theft Study Supplement
R.A. Hettinga
rah at shipwright.com
Wed Oct 19 21:40:54 PDT 2005
--- begin forwarded text
Delivered-To: clips at philodox.com
Date: Thu, 20 Oct 2005 00:39:23 -0400
To: Philodox Clips List <clips at philodox.com>
From: "R.A. Hettinga" <rah at shipwright.com>
Subject: [Clips] FDIC: Putting an End to Account-Hijacking Identity Theft
Study Supplement
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com
<http://www.fdic.gov/consumers/consumer/idtheftstudysupp/index.html>
?
Home > Consumer Protection > Consumer Resources > Putting an End to
Account-Hijacking Identity Theft Study Supplement
Putting an End to Account-Hijacking Identity Theft Study Supplement
Federal Deposit Insurance Corporation Division of Supervision and Consumer
Protection Technology Supervision Branch June 17, 2005
This publication supplements the FDIC's study Putting an End to
Account-Hijacking Identity Theft published on December 14, 2004.
Printable Version - PDF 105k (PDF Help)
Table of Contents
Executive Summary and Findings
Focus of Supplement
Identity theft in general and account hijacking in particular continue to
be significant problems for the financial services industry and consumers.
Recent studies indicate that identity theft is evolving in more complicated
ways that make it more difficult for consumers to protect themselves.
Recent studies also indicate that consumers are concerned about online
security and may be receptive to using two-factor authentication if they
perceive it as offering improved safety and convenience.
This Supplement discusses seven additional technologies that were not
discussed in the Study. These technologies, as well as those considered in
the Study, have the potential to substantially reduce the level of account
hijacking (and other forms of identity theft) currently being experienced.
Findings
Different financial institutions may choose different solutions, or a
variety of solutions, based on the complexity of the institution and the
nature and scope of its activities. The FDIC does not intend to propose one
solution for all, but the evidence examined here and in the Study indicates
that more can and should be done to protect the security and
confidentiality of sensitive customer information in order to prevent
account hijacking.
Thus, the FDIC presents the following updated findings:
1 The information security risk assessment that financial
institutions are currently required to perform should include an analysis
to determine (a) whether the institution needs to implement more secure
customer authentication methods and, if it does, (b) what method or methods
make most sense in view of the nature of the institution's business and
customer base.
2 If an institution offers retail customers remote access to
Internet banking or any similar product that allows access to sensitive
customer information, the institution has a responsibility to secure that
delivery channel. More specifically, the widespread use of user ID and
password for remote authentication should be supplemented with a reliable
form of multifactor authentication or other layered security so that the
security and confidentiality of customer accounts and sensitive customer
information are adequately protected.
Last Updated 6/27/2005
consumeralerts at fdic.gov Home Contact
Us Search Help SiteMap Forms
Freedom of Information Act Website Policies FirstGov.gov
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
More information about the cypherpunks-legacy
mailing list