"The FFIEC guidance does a good job of addressing today's and yesterday's threats and suggested techniques, but it is not sufficiently forward-looking," says Gartner's Avivah Litan. "Two years from now, the guidance will be sorely out of date."
The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment.
The Federal Financial Institutions Examination Council has formally released the long-awaited update to its "Authentication in an Internet Banking Environment" guidance. The new directives take effect January 2012.
International cooperation is to thank for the takedown of one cybercrime ring accused of using the Conficker worms to steal more than $72 million from bank accounts spanning more than 10 countries.
Security experts at this week's Gartner Security and Risk Management Summit agree: Security, not compliance, has to be the new focus. Cyberintrusions cannot be stopped, and the RSA breach should be a lesson to the industry.
"Simple passwords alone do not provide sufficient commercially reasonable security," says Jim Payne of fraud victim Choice Escrow. "Where is the principle of doing what is right and just?"
Six months after Michigan-based Experi-Metal Inc. sued Comerica Bank after a breach that resulted in $1.9 million in ACH and wire fraud, a U.S. District Court has favored the commercial customer.
No one is really sure when the FFIEC's new authentication guidance will be issued, but we do know banking institutions can't afford to wait. Hence, our new FFIEC Authentication Guidance Resource Center.
Information Security Media Group announces the launch of FFIEC Authentication Guidance, a resource center dedicated to providing in-depth news and views on the pending online authentication guidance.
Breaches will not slow anytime soon, and there's not much financial institutions and the payments chain can do to stop them. At this point, the best course of action for banks and retailers is to focus on damage control.
Strong authentication, using both fact-based and behavioral-based fraud detection solutions, should be part of every financial institution's layered security approach, says Reed Taussig, CEO of ThreatMetrix.
David Navetta, an attorney who specializes in IT security and privacy, says the magistrate's recommendation, if accepted by the judge, could set an interesting legal precedent about the security banks are expected to provide for commercial customers.
Authentication expert Steve Dispensa says banking institutions need to realign their authentication infrastructures to include a mix of in-band and out-of-band measures.
After one commercial customer fell victim to corporate account takeover, this institution suffered significant losses and learned that legal disputes rarely favor the bank.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.