Increased on-line threats. New FFIEC guidance. Expensive security upgrades? Not necessarily …
According to new research seen in BAI banking strategies June 2011, between 2003 and 2010, the average U.S. bank branch experienced a roughly one-third decline in the number of daily sales transactions generated by each non-teller staff member. That shows a significant number of transactions moving on-line. Also, according to that same research, roughly 80% of the daily activity in a typical teller line today is manual deposit-taking and check-cashing which could easily be migrated on-line. This points to further movement of transactions on-line increasing the number of users and number of transactions on-line
Federal Financial Institutions Examination Council (FFIEC) has released the long-awaited supplement to its “Authentication in an Internet Banking Environment guidance”, which was first issued by the FFIEC in October 2005. The guidance acknowledges that since 2005, there have been significant changes in the threat landscape and that malware can compromise some of the most robust online authentication techniques, including some forms of multi-factor authentication. The guidance also challenges the effectiveness of certain common authentication techniques including simple device identification and basic challenge questions.
On the other hand, most financial institutions are using the same methods that the FFIEC criticizes above as insufficient. According to Gartner, 73% of banks use Flash objects or cookies to identify devices, and 89% use challenge questions to verify the identity of the individual. For example, according to the FFIEC and our experts, experience has shown cookies may be copied and moved to a fraudster’s PC, allowing the fraudster to impersonate the legitimate customer.
Given these two trends, and constrained budgets, what can be done? You need to tighten the initial identification of a person (Identity Proofing). You need to provide strong authentication with layered security for on-going authentication. How much is this going to cost? Not as much as you think when you consider the Identity as a Service (IDaaS) choices. In addition sharing trusted identities across enterprises improves access for users and can increase trust through better identity proofing. Register for July 20 “On Demand Identity” webinar to learn more.