As I’m sure you are aware, the Federal Financial Institutions Examination Council (FFIEC) recently released its, “Supplement to Authentication in an Internet Banking Environment” guiding financial institutions to mitigate risk using a variety of processes and technologies as part of a multi-layered approach.
In light of this updated mandate, businesses need to move beyond simple challenge and response questions to more complex out-of-wallet authentication. Additionally, those incorporating device identification should look to more sophisticated technologies well beyond traditional IP address verification alone.
Recently, I contribute to an article on how these new guidelines might affect your institution. Check it out here, in full: http://ffiec.bankinfosecurity.com/articles.php?art_id=3932
For more on what the FFIEC guidelines mean to you, check out these resources – which also gives you access to a recent Webinar.