[Clips] FDIC: FIL-103-2005: Authentication in an Internet Banking Environment

R.A. Hettinga rah at shipwright.com
Wed Oct 19 21:41:02 PDT 2005


--- begin forwarded text


 Delivered-To: clips at philodox.com
 Date: Thu, 20 Oct 2005 00:39:49 -0400
 To: Philodox Clips List <clips at philodox.com>
 From: "R.A. Hettinga" <rah at shipwright.com>
 Subject: [Clips] FDIC: FIL-103-2005: Authentication in an Internet Banking
  Environment
 Reply-To: rah at philodox.com
 Sender: clips-bounces at philodox.com

 <http://www.fdic.gov/news/news/financial/2005/fil10305.html>


 Financial Institution Letters


 FFIEC Guidance
  Authentication in an Internet Banking Environment
 FIL-103-2005
  October 12, 2005


 Summary:
 The Federal Financial Institutions Examination Council (FFIEC) has issued
 the attached guidance, "Authentication in an Internet Banking Environment."
 For banks offering Internet-based financial services, the guidance
 describes enhanced authentication methods that regulators expect banks to
 use when authenticating the identity of customers using the on-line
 products and services. Examiners will review this area to determine a
 financial institution's progress in complying with this guidance during
 upcoming examinations. Financial Institutions will be expected to achieve
 compliance with the guidance no later than year-end 2006.

  Highlights:
  * Financial institutions offering Internet-based products and services
    should use effective methods to authenticate the identity of customers
    using those products and services.
  * Single-factor authentication methodologies may not provide sufficient
    protection for Internet-based financial services.
  * The FFIEC agencies consider single-factor authentication, when used as
    the only control mechanism, to be inadequate for high-risk transactions
    involving access to customer information or the movement of funds to
    other parties.
  * Risk assessments should provide the basis for determining an effective
    authentication strategy according to the risks associated with the
    various products and services available to on-line customers.
  * Customer awareness and education should continue to be emphasized
    because they are effective deterrents to the on-line theft of assets
    and sensitive information.

  Distribution:
 FDIC-Supervised Banks (Commercial and Savings)

  Suggested Routing:
 Chief Executive Officer
  Chief Information Security Officer

 Related Topics:
  * FIL-66-2005, Guidance on Mitigating Risks From Spyware, issued
    July 22, 2005
  * FIL-64-2005, Guidance on How Financial Institutions Can Protect
    Against Pharming Attacks, issued July 18, 2005
  * FIL-27-2004, Guidance on Safeguarding Customers Against E-Mail and
    Internet Related Fraud, issued March 12, 2004
  * FFIEC Information Security Handbook, issued November 2003
  * Interagency Informational Brochure on Phishing Scams, contained in
    FIL-113-2004, issued September 13, 2004
  * Putting an End to Account-Hijacking Identity Theft, FDIC Study,
    issued December 14, 2004
  * FDIC Identity Theft Study Supplement on Account-Hijacking Identity
    Theft, issued June 17, 2005

 Attachment:
 FFIEC Guidance: Authentication in an Internet Banking Environment (PDF,
 163k)

 Contact:
 Senior Policy Analyst Jeffrey Kopchik at JKopchik at fdic.gov or (202)
 898-3872, or Senior Technology Specialist Robert D. Lee at RoLee at fdic.gov
 or (202) 898-3688

 Note:
 FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's
 Web site at www.fdic.gov/news/news/financial/2005/index.html.

  To receive FILs electronically, please visit
 http://www.fdic.gov/about/subscriptions/fil.html.

  Paper copies of FDIC FILs may be obtained through the FDIC's Public
 Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434
 (1-877-275-3342 or 202-416-6940).



 Last Updated 10/12/2005



 --
 -----------------
 R. A. Hettinga <mailto: rah at ibuc.com>
 The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
 44 Farquhar Street, Boston, MA 02131 USA
 "... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 _______________________________________________
 Clips mailing list
 Clips at philodox.com
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text






