FDIC Financial Institutions Letter -- FIL-66-2005

 

The above referenced FIL refers to the immediate dangers represented by various forms of security vulnerabilities.  The FIL further points out how Identity Theft, Phishing Scams, Instant Messaging risks, Spyware, and Account- Hijacking present significant confidentiality, integrity, availability, and liability exposure implications for both your bank and your bank’s customers.  The FDIC warns financial institutions that they must consider new security strategies for their enterprise information security programs and various customer data management options. (1)

 

“Investigating the implementation of multi-factor authentication methods, which would limit the ability of identity thieves to compromise customer accounts, even when a thief has a customer's ID, password and account numbers.” – FIL-66-2005

 

In light of this FIL and the continued public reporting of the compromise of customer’s private identity data and financial records, it is becoming evident that if a financial institution is to continue to hold or gain market share in today’s online banking environment enhanced data security is a must. (2)

 

A recent survey of U.S. Internet users found that over three-fifth of the survey respondents believed it unacceptable for a bank or CU to not respond to phishing schemes that use the financial institution’s identity as the means of gaining the victim’s trust.   Almost 96% of the respondents claimed banks and CUs need to use technology to provide protection to their banking customers. (3)

 

In response, ACAP Security offers both financial institutions and their individual customers a number of self-controlled software security protections.  An online banking security enhancement offered by ACAP is a multi-factor ppn authentication method, PIN-SECURE, which is responsive to FIL-66-2005, FIL-103-2005 and NCUA-12 CFR Part 748 requirements.  It uses an independent ppn secure communications pipeline and an ATM-type PIN access control to effectively assure the identity and access rights of every online banking customer.

 

References:

(1) FDIC Financial Institution Letters (FIL-66-2005), Guidance on Mitigating Risks From Spyware, July 22, 2005  http://www.fdic.gov/news/news/financial/2005/fil6605.html

(2) Wall Street Journal Online, “Without a Trace,” a listing of major losses of customer data, June 17, 2005

http://online.wsj.com/public/us

(3) Ponemon Institute, Consumer Study Results, Nov 2004.  http://www.ponemon.org/index.htm

 

By Glenn Gearhart, CEO, ACAP Security Inc., a provider of higher level security solution to the financial industry. glenn@acapsecurity.com.

 

White Paper: 063005 ACAP Security Inc.

 

Copyright 2005.  ACAP Security Inc. all rights reserved.