FFIEC Announces Guidance On Internet Banking AuthenticationFFIEC Announces Guidance On Internet Banking Authentication
Supplement stresses the need for performing risk assessments
July 1, 2011

PRESS RELEASE
The Federal Financial Institutions Examination Council (FFIEC) today issued a supplement to the Authentication in an Internet Banking Environment guidance, issued in October 2005. The purpose of the supplement is to reinforce the risk-management framework described in the original guidance and update the FFIEC member agencies' supervisory expectations regarding customer authentication, layered security, and other controls in the increasingly hostile online environment.
The continued growth of electronic banking and greater sophistication of the associated threats have increased risks for financial institutions and their customers. Customers and financial institutions have experienced substantial losses from online account takeovers. Effective security is essential for financial institutions to safeguard customer information, reduce fraud stemming from the theft of sensitive customer information, and promote the legal enforceability of financial institutions' electronic agreements and transactions.
The supplement stresses the need for performing risk assessments, implementing effective strategies for mitigating identified risks, and raising customer awareness of potential risks, but does not endorse any specific technology for doing so. The FFIEC member agencies will continue to work closely with financial institutions to promote security in electronic banking and have directed examiners to formally assess financial institutions under the enhanced expectations outlined in the supplement beginning in January 2012.
You May Also Like
Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025Where Does Outsourcing Make Sense for Your Organization?
Feb 27, 2025Shift Left: Integrating Security into the Software Development Lifecycle
Mar 5, 2025