
FFIEC Compliance: The CA Solution

By : CA
Published : May 01, 2006
Length : 9
Type : White Paper
 
Overview :

In October 2005, the Federal Financial Institutions Examination Council (FFIEC) issued a guidance to improve security for online banking transactions specifically relating to two-factor authentication.

This white paper provides an overview of the key requirements of the guidance, as well as how CA's solution can help you achieve compliance.

Download this white paper now to learn more.

Browse Related Categories : Authentication, Compliance, Data Protection, Security

 

FFIEC Compliance:

Introduction to FFIEC Compliance
In October of 2005, the Federal Financial Institutions Examination Council (FFIEC) issued a guidance entitled "Authentication in an Internet Banking Environment."¹ This paper followed a similar paper issued by the Federal Deposit Insurance Corporation (FDIC) in late 2004, in which the recommendation was made that member banks evolve their single-factor authentication model for online banking to 2-factor authentication.

The goal of the FFIEC compliance guidance was to improve security for online banking transactions. This effort was prompted by the consensus view that simple username/password authentication was not sufficient for today's online banking environment. Recent increases in the amount of such banking, coupled with the increasing size (in total value) of many transactions, have created unacceptable risks to online banking customers. In addition, the increased threats to these transactions in the form of phishing attacks, viruses, keyloggers, etc., have made stronger authentication an important requirement now and in the future.

The guidance issued by the FFIEC does not have the power of law, in that it is not a formal regulation. Still, the FFIEC made it clear that FFIEC compliance is expected to be complete by the end of calendar year 2006, so most banking institutions are now actively planning their strategy to meet the requirements of this guidance.

Key Requirements, Guidance and FFIEC Compliance
The banking industry as a whole, and the FFIEC in particular, have come to recognize that with the rise in volume of online banking transactions, single-factor authentication techniques are simply not adequate security anymore. With this situation in mind, the Guidance includes three important recommendations. Note that all three are important for compliance with these regulations.

1. Risk Assessment
The first step that any bank should perform is a detailed risk analysis of their entire online banking environment. This risk analysis should include all factors or activities that are involved in all supported customer transactions, including the following factors when considering FFIEC Compliance:
- Types of customers
- Sensitivity of all private customer information
- Typical transaction types and the expected size of the transaction
- Expected transaction rates
- The potential for loss for each transaction type

This analysis might lead a banking institution to make potential infrastructure changes that would significantly strengthen their authentication services, while still maintaining flexibility in how and when those services are invoked and minimizing the impact on the average banking customer.
