|
FFIEC Authentication
Compliance
Solutions
|
New FFIEC
Guidance 2011
Our
“Out-of-Band” multi-factor authentication
platform, powered by StrikeForce Technologies, is designed to authenticate
your customers, employees, “and/or” authorize transactions
in real-time.
Installed locally on premise, or accessed through our
“Cloud Service, ” ProtectID’s powered by StrikeForce advanced authentication
redundancy feature minimizes password/device related help
desk calls by providing users a backup authentication
method.
New guidance has been written and released by The Federal
Financial Institutions Examination Council (FFIEC) for
financial institutions regarding customer authentication of
online accounts.
The Threat Landscape and Compensating Controls section of the supplement recommends
the use of “out of band” authentication as one of the
effective risk mitigation techniques. The Agencies are aware
of the fact that a number of institutions are requiring the
“out-of-band” authentication or verification of certain high
value and/or anomalous transactions.
|
|
No Obligation Information
Request
Same Day
Response
|
|
Out-of-band authentication means that a transaction that
is initiated via one delivery channel (e.g., Internet) must
be re-authenticated or verified via an independent delivery
channel (e.g., telephone) in order for the transaction to be
completed. Out-of-band authentication is becoming more
popular given that customer PCs are increasingly vulnerable
to malware attacks. However, out-of-band authentication
directed to or input through the same device that initiates
the transaction may not be effective since that device may
have been compromised. For business customers, the
out-of-band authentication or verification can be provided
by someone other than the person who first initiated the
transaction and can be combined with other administrative
controls. Additionally, the use of out-of-band
authentication or verification, for administrative changes
to online business accounts, can be an effective control to
reduce fraudulent funds transfers.
The first guidance release by the Council was in 2005.
Its risk based approach recommended institutions make
available recurring assessments responding to new threats.
The new guidance strengthens the original 2005
expectations. The supplement states, “Financial institutions
should perform periodic risk assessments considering new and
evolving threats to online accounts and adjust their
customer authentication, layered security, and other
controls as appropriate in response to identified risks.”
FFIEC
Authentication Guidelines - Out of Wallet Challenge
Questions Compliance
Deadline January 2012.
Read the
FFIEC Guidance
Learn About Our Other Authentication
Compliance Solutions:
Out
of Wallet Challenge Questions / IDMatch+PLUS
FFIEC
Authentication Guidelines - Compliance
Deadline January 2012.
Read the
FFIEC Guidance
AgeMatch | IDMatch / IDMatch +PLUS |
IDR Calc/Privacy Tool |
RegMatch |
CustomMatch
 |
Call us now to Schedule a demonstration of our services or
CLICK HERE to fill out our demonstration request form. |
 |
ProtectID® is a registered
trademark of StrikeForce Technologies, Inc. |
