FFIEC compliance means conforming to a set of standards for online banking published in October 2005 by the Federal Review of Financial Institutions (FFIEC). The standards require multifactor authentication (MFA), because single-factor authentication (SFA) has proved insufficient against the increasingly sophisticated tactics of hackers, especially on the Internet. In MFA, more than one form of authentication is used to verify the legitimacy of a transaction, whereas SFA involves only a user ID and password.
Authentication methods that can be used in MFA include biometric verification such as finger scanning, iris recognition, facial recognition and voice ID. In addition to these methods, smart cards and other electronic devices can be used in conjunction with the traditional user ID and password. The chief characteristic of the FFIEC guidelines is the requirement that encryption be used in all online transaction processing (OLTP) performed by financial institutions. The level of encryption must be sufficient to prevent unauthorized disclosure both within a bank's internal networks and when data is shared with external networks.
To determine whether an institution complies with the FFIEC guidelines, evaluations of the internal environment should be conducted to identify potential security weaknesses and threats. Goals must then be set, solutions implemented, and periodic risk assessments performed in order to maintain an adequate level of security.
