EMI vs Comerica Future Looking Learnings
The Experi-metal v. Comerica dispute is going to trial and both sides have submitted briefs. The crux of the trial will center on what is “reasonable” security. “Reasonable” is going to require FFIEC-weigh-in. Aviva Litan of Gartner expects that more guidance will come but the ABA’s David Navetta disagreed on the value of what will be offered. Either way the long-term impact could be decided more in the court of public opinion. If small businesses rally together and say that transactional security consulting is something they expect from their bank, financial services will have to keep up. Don’t believe me?
In a survey presented by Doug Dannimiller of Aite, technical integration is a big determinant in which brokerage or banking institution financial analysts and the super-wealthy leverage for their personal finance. Not sure you see the relevance? What is to say that the financial controllers in corporate America have a different set of requirements for who they bank with? Do they use financial systems radically different than financial advisors and super-wealthy investors? Effectively the controller is your chief business user. He will have a voice at the table of what bank is used. Making that role the villain instead of the victim may not be banking’s best move.
The EMI v. Comerica case should give pause on how to approach multi-factor authentication with clients. Comerica let a business client enable unlimited wire transfers based on a single access checkpoint. Should any business be doing 5 or 6 (or 47 in this particular case) wire transfers in a three hour period without reauthorizing. Is that a common business need in any reputable industry?
Behavior-based graduated security is the best practice in all access management. Providing hackers with an opportunity to “phish once and you’re in” creates a problem. Not treating that as a financial institution responsibility creates a bigger problem. The fact this case is going to court indicates a “caveat emptor” approach to e-authentication is not sustainable regardless of what FFEIC says or doesn’t say is “reasonable.”
Equifax recommends enabling multi-factor authentication in online processing of wire transfers from banks to consumers, businesses, or other entities. If you aren’t sure your MFA solution is meeting this need, contact an MFA for Financial Institution specialist here.
This post was contributed by:
Recommended For You
A Two-step Authentication Approach Consumers are always on the go, using digital devices to make purchases, check account balances and […]
On February 9, 2016, the President implemented the Cybersecurity National Action Plan (CNAP) designed “to enhance cybersecurity awareness and protections, protect […]
Protecting protected health information (PHI) requires vigilance in today’s environment of increased sharing of personal information online. National HealthIT Week […]
More Americans than ever think they have been targeted in a data breach or online crime. According to a recent Wall […]