Title: Countdown to FFIEC Fitness: As Authentication Deadline Nears, Banks Consider All Options
Abstract: Like early birds with worms, banks that began to revamp their online authentication process prior to regulatory prodding have been validated by the powers that be and are in a relaxed state of waiting. Zions Bank, for one, opted to beat any mandates related to the Federal Financial Institutions Examination Council's strong authentication guidance, dated October 2005 and with an action date of January 2007. The Utah-based regional powerhouse had begun thinking about the issue a year and a half ago, says Lee A Carter, president of online banking for Zions. It was done because it is the right thing to do, the executive says simply. Opting for a device-profiling solution, Zions launched its enhanced front door, after extended fanfare and customer education on July 20. Vasco, with U.S. offices in Chicago, is the largest global provider of authentication, and as such, is familiar with other early adopters. Adam Dolby, business development manager, financial sector, indicates clients that include ABN Amro, Sovereign, and Wachovia all say, it on, when it comes to prospect of facing more demanding examiners. is really a global issue, says Dolby. It's been interesting to see the use of improved authentication methodology and software migrate from Europe and Canada to Asia and now--largely because of FFIEC--to the U.S., he explains. FFIEC confusion Now, with a December 30 deadline on matters related to authentication closing in, it's time for the laggards to get in the groove. The question is, how best--and how exactly--to supplement the lowly, now largely discredited, password? There are many options, even too many, to choose among. Meanwhile, some confusion still exists about what is actually required even as most experts believe that what a guidance-related project can't be is significantly underdone at the dawn of 2007. Still, the penalties aren't yet clear and rumors are circulating of an extended grace period throughout next year. Against this backdrop, banks are figuring out how to proceed. Banks are on a measured course of action with this, notes Beth Robertson, research director with Gartner, Stamford Conn. She admitted surprise at the attendance levels at June conferences and webinars that discussed preparation for FFIEC guidance. Robertson notes that most institutions are still figuring out what will be best for their needs, target markets, and transaction risk profiles. Even though Zions is good on the authentication front, for example, executives there are already thinking about what else needs to be done to protect riskier transactions, according to Carter. Dennis Maicon, vice-president, Digital Resolve, Norcross, Ga., also sees bankers (particularly from the larger institutions) thinking through the security issues and broader requirements only obliquely referred to by the guidance, which, admittedly, dovetails with the company's 360 degree marketing message. Among my perspective customers, the thinking is, this is also an opportunity to address fraud comprehensively, Maicon explains. This would include the ability to monitor channel activity and stop suspect transactions, for instance, while creating audit trails useful for reporting purposes and for working with authorities when the inevitable investigation arises. Gartner's Robertson agrees that most banks want to solve root issues of transaction and data protection as well as address multiple potential avenues of fraud. But she points out, anything that gets re-engineered has to also be financially feasible and make sense in terms of the institution's net risk profile. We bring this up because there are many who say that too much emphasis is at the front-door, mostly due to a misinterpretation of what FFIEC's authentication guidance suggests more broadly about how to best engineer online security. Instead, these advocates believe, the emphasis ought to be on increasing consumer confidence in the channel and, in fact, making it safer. …
Publication Year: 2006
Publication Date: 2006-09-01
Language: en
Type: article
Access and Citation
AI Researcher Chatbot
Get quick answers to your questions about the article from our AI researcher chatbot