21 August, 2006
The Federal Financial Institutions Examination Council (FFIEC) has issued additional guidance in support of its document, “Authentication in an Internet Banking Environment.” It was this document, released in October 2005, that suggested banks security for online transactions was inadequate and that multi-factor, or equivalent, authentication techniques were necessary. This new 7-page FAQ offers ‘some’ additional detail but remains purposefully vague refusing to mandate or endorse any specific security techniques. The date for banks to have completed risk assesments and initiated risk mitigation remains end-of-year 2006. To read the FAQ, click here.