[Clips] FDIC: FIL-103-2005: Authentication in an Internet Banking Environment
R.A. Hettinga
rah at shipwright.com
Wed Oct 19 21:41:02 PDT 2005
--- begin forwarded text
Delivered-To: clips at philodox.com
Date: Thu, 20 Oct 2005 00:39:49 -0400
To: Philodox Clips List <clips at philodox.com>
From: "R.A. Hettinga" <rah at shipwright.com>
Subject: [Clips] FDIC: FIL-103-2005: Authentication in an Internet Banking
Environment
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com
<http://www.fdic.gov/news/news/financial/2005/fil10305.html>
Financial Institution Letters
FFIEC Guidance
Authentication in an Internet Banking Environment
FIL-103-2005
October 12, 2005
Summary:
The Federal Financial Institutions Examination Council (FFIEC) has issued
the attached guidance, "Authentication in an Internet Banking Environment."
For banks offering Internet-based financial services, the guidance
describes enhanced authentication methods that regulators expect banks to
use when authenticating the identity of customers using the on-line
products and services. Examiners will review this area to determine a
financial institution's progress in complying with this guidance during
upcoming examinations. Financial Institutions will be expected to achieve
compliance with the guidance no later than year-end 2006.
Highlights:
* Financial institutions offering Internet-based products and
services should use effective methods to authenticate the identity of
customers using those products and services.
* Single-factor authentication methodologies may not provide
sufficient protection for Internet-based financial services.
* The FFIEC agencies consider single-factor authentication, when
used as the only control mechanism, to be inadequate for high-risk
transactions involving access to customer information or the movement of
funds to other parties.
* Risk assessments should provide the basis for determining an
effective authentication strategy according to the risks associated with
the various products and services available to on-line customers.
* Customer awareness and education should continue to be
emphasized because they are effective deterrents to the on-line theft of
assets and sensitive information.
Distribution:
FDIC-Supervised Banks (Commercial and Savings)
Suggested Routing:
Chief Executive Officer
Chief Information Security Officer
Related Topics:
* FIL-66-2005, Guidance on Mitigating Risks From Spyware, issued
July 22, 2005
* FIL-64-2005, Guidance on How Financial Institutions Can Protect
Against Pharming Attacks, issued July 18, 2005
* FIL-27-2004, Guidance on Safeguarding Customers Against E-Mail
and Internet Related Fraud, issued March 12, 2004
* FFIEC Information Security Handbook, issued November 2003
* Interagency Informational Brochure on Phishing Scams, contained
in FIL-113-2004, issued September 13, 2004
* Putting an End to Account-Hijacking Identity Theft, FDIC Study,
issued December 14, 2004
* FDIC Identity Theft Study Supplement on Account-Highjacking
Identity Theft, issued June 17, 2005
Attachment:
FFIEC Guidance: Authentication in an Internet Banking Environment - PDF
163k
Contact:
Senior Policy Analyst Jeffrey Kopchik at JKopchik at fdic.gov or (202)
898-3872, or Senior Technology Specialist Robert D. Lee at RoLee at fdic.gov
or (202) 898-3688
Printable Format:
FIL-103-2005 - PDF 41k
Note:
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's
Web site at www.fdic.gov/news/news/financial/2005/index.html.
To receive FILs electronically, please visit
http://www.fdic.gov/about/subscriptions/fil.html.
Paper copies of FDIC FILs may be obtained through the FDIC's Public
Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434
(1-877-275-3342 or 202-416-6940).
Last Updated 10/12/2005
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
--- end forwarded text