FFIEC releases long awaited guidance on authentication
Given the breaches at RSA which affects many of the financial institutions that use hard tokens from RSA, and the increased threats through other vectors, this clarity and certainty is sure to be a welcome addition for banks and other financial institutions. The guidance acknowledges that since 2005, there have been significant changes in the threat landscape and that malware can compromise some of the most robust online authentication techniques, including some forms of multi-factor authentication. The guidance also challenges the effectiveness of certain common authentication techniques including simple device identification and basic challenge questions.
According to this guidance FFIEC believes that institutions should no longer rely on one form of customer authentication. They say that one dimensional customer authentication program is simply not robust enough to provide the level of security that customers expect and that protects institutions from financial and reputation risk. Equifax agrees with this and has developed solutions that utilizes multiple authentication vectors which are used selectively based on the risk. Equifax provides the layered security solution which has been implemented at banks, government and healthcare organizations. The solution meets the needs of financial institutions with respect to the new FFIEC guidance. We can help you in the journey to quickly implement a solution that meets the guidance. To learn more contact us at Technology@equifax.com.
Recommended For You
A Two-step Authentication Approach Consumers are always on the go, using digital devices to make purchases, check account balances and […]
On February 9, 2016, the President implemented the Cybersecurity National Action Plan (CNAP) designed “to enhance cybersecurity awareness and protections, protect […]
Protecting protected health information (PHI) requires vigilance in today’s environment of increased sharing of personal information online. National HealthIT Week […]
Companies have spent a great deal of time and money protecting their core systems and infrastructure from cyber attacks — hardening […]