Regulators have time. You don’t!

July 19, 2010

In 2005, the FFIEC released guidance titled Authentication in an Internet Banking Environment. The guidance focused on the need for a risk-based assessment, customer/member awareness training, and identity authentication.

In response, financial institutions began evaluating and implementing multi-factor authentication for online banking. While this was a step in the right direction, it was not enough.

What many financial institutions failed to fully understand is that, in addition to customer authentication, the guidance and regulations also asked financial organizations to initiate a risk assessment process to make sure authentication mechanisms were sufficient, and to educate customers and members about the risks associated with electronic banking (which includes debit cards and other forms of electronic banking). For many, the risk assessment and education pieces were left on the back burner, which has resulted in regulators looking at new guidelines for stronger authentication mechanisms.

While new guidelines may eventually require us to do more, financial institutions should not wait to adopt new risk management strategies. Regulators take ample time to implement new policy, time financial institutions do not have when it comes to security. Hackers are quick to evolve tactics and execute attacks. Financial institutions should do the same.

A good start to staying on top of the game is to implement a broad customer/member information security training program. It doesn’t need to be expensive, just effective. Include materials such as statement stuffers, web pages dedicated to security topics, or small seminars. You may even want to partner with local computer companies that will work with your customers/members at a discounted rate. Customers/members will appreciate your resources. Remember, you can start off small and expand. The important part is that you do it.

Need help? Let us know! We have materials and resources to get you started.

– TrustCC

