FDIC Financial Institutions Letter -- FIL-103-2005

 

FFIEC Guidance – Customer Authentication in Online Banking

(Federal Financial Institutions Examination Council – FFIEC)

 

On October 12, 2005, the FDIC issued FIL 103-2005, which provided FFIEC guidance for “Authentication in an Internet Banking Environment.”  The FIL states that single-factor authentication is not adequate security for Internet-based financial services. (1) (2)

 

“Financial institutions offering Internet-based products and services should use effective methods to authenticate the identity of customers using those products and services.

 

Single-factor authentication methodologies may not provide sufficient protection for Internet-based financial services.

 

The FFIEC agencies consider single-factor authentication, when used as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.”  FIL 103-2005

 

Note: Examiners will review this area to determine a financial institution’s progress in complying with this guidance during upcoming examinations. Financial Institutions will be expected to achieve compliance with the guidance no later than year-end 2006.

 

A quick and very effective solution is available which provides financial institutions with the required two-factor authentication security.  The first authentication uses the customer’s existing user name and password.  The second authentication, which is delivered over a separate secure pipeline, uses a highly secure PIN, such as the bank card PIN, issued to each online customer.  The PIN is entered into a PIN pad displayed on the online customer’s monitor, which is more secure than the PIN entry pad at an ATM terminal.

 

The PIN-SECURE two-factor authentication system seamlessly integrates with your financial institution’s existing online banking services.  It requires no special skills from your online banking customers and is compatible with all common computers and operating systems.

 

Phishing and spyware are direct attacks on the bank customer and the Internet browser used to transact online banking.  Security that defeats phishing and spyware necessarily means adding a new, external secure data delivery network which does not use an Internet browser or the World Wide Web (www).  By using a totally independent secure data exchange network, as provided by PIN-SECURE, the threats and financial frauds perpetrated by phishing and spyware are eliminated.  These attack media have no means of obtaining the secure PIN because it is never resident in any Internet browser, cookie, or other digital storage media from which the attacker can acquire it.

 

Because it does not rely for security on the Internet browser, or on the World Wide Web, PIN-SECURE is by far the very best and the safest two-factor authentication access system available.

 

Visit www.acapsecurity.com for a quick visual presentation of the PIN-SECURE two factor solution.  Move the mouse over the “Introduction” in the upper left corner.  In the center column click on the title “Bank Security Highlights,” then click on the arrow at PIN-SECURE and follow the presentation.  Or you may click on the title “Credit Union Security Highlights,” then click on the arrow at PIN-SECURE and follow the presentation.  For review of an independent study on the patent-pending secure data exchange technology, ppn Technology™, select “White Papers” then select “The Goodrich Report.”  To view his Curriculum Vitae click on his name.

 

No financial institution should continue to accept the risks of phishing and online banking fraud.  Full compliance with the FFIEC-required two-factor authentication is immediately available.  Glenn Gearhart - 6/05

 

We look forward to further discussions on how your financial institution can significantly increase online banking security and seamlessly meet FFIEC requirements at a very affordable price.

 

References:

(1) FDIC Financial Institution Letters (FIL-103-2005), FFIEC Guidance Authentication in an Internet Banking Environment, October 12, 2005 

http://www.fdic.gov/news/news/financial/2005/fil10305.html

(2) FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/news/financial/2005/index.html

 

 

By Glenn Gearhart, CEO, ACAP Security Inc., a provider of higher-level security solutions to the financial industry. glenn@acapsecurity.com.

 

White Paper: 103005 ACAP Security Inc.

 

Copyright 2005.  ACAP Security Inc. All rights reserved.