FFIEC Releases Supplemental Guidance on Internet Banking Authentication
The Federal Financial Institutions Examination Council1 (FFIEC) today issued a supplement to the Authentication in an Internet Banking Environment guidance, issued in October 2005. The purpose of the supplement is to reinforce the risk-management framework described in the original guidance and update the FFIEC member agencies’ supervisory expectations regarding customer authentication, layered security, and other controls in the increasingly hostile online environment.
The continued growth of electronic banking and greater sophistication of the associated threats have increased risks for financial institutions and their customers. Customers and financial institutions have experienced substantial losses from online account takeovers. Effective security is essential for financial institutions to safeguard customer information, reduce fraud stemming from the theft of sensitive customer information, and promote the legal enforceability of financial institutions' electronic agreements and transactions.
The supplement stresses the need for performing risk assessments, implementing effective strategies for mitigating identified risks, and raising customer awareness of potential risks, but does not endorse any specific technology for doing so. The FFIEC member agencies will continue to work closely with financial institutions to promote security in electronic banking and have directed examiners to formally assess financial institutions under the enhanced expectations outlined in the supplement beginning in January 2012.
Attachment: Supplement to Authentication in an Internet Banking Environment
# # #
Federal Reserve: Barbara Hagenbaugh, 202-452-2955
FDIC: David Barr, 202-898-6992
NCUA: David Small, 703-518-6336
OCC: Dean DeBuck, 202-874-5770
OTS: William Ruberry, 202-906-6677
SLC: Catherine Woody 202-728-5733
1 The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. The Council has six voting members: the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the National Credit Union Administration, the Office of Thrift Supervision, and the State Liaison Committee. The Council's activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.
NCUA is the independent federal agency created by
the U.S. Congress to regulate, charter and supervise
federal credit unions. With the backing of the full
faith and credit of the U.S. Government, NCUA
operates and manages the National Credit Union Share
Insurance Fund, insuring the deposits of more than 96
million account holders in all federal credit
unions and the overwhelming majority of
state-chartered credit unions.