FFIEC Guidance on Authentication
What is the FFIEC Guidance?
The Federal Financial Institutions Examination Council (FFIEC) released a supplement to its "Authentication in an Internet Banking Environment" guidance, which was first issued by the FFIEC in 2005. The deadline for meeting the new requirements was January 2012, when examinations under the new guidelines began.
These updates to the FFIEC guidance specifically address customer authentication, layered security, and other controls in the growing online environment.
The official guidance highlights the need for:
- Better risk assessments
- Effective strategies for mitigating known online risks
- Improved customer and employee fraud awareness
Who is Impacted by the FFIEC Guidance?
U.S. financial institutions are required to mitigate risk using a variety of processes and technologies, employed in a layered approach. Businesses are required, for example, to move beyond simple questions to a more complex out-of-wallet identity verification procedure that incorporates broad data assets and analytics.
How Can Experian Help You Prepare for the FFIEC Guidance?
Our goal is to provide specific recommendations to modify existing processes in order to close the gap between current processes and the FFIEC’s expectations. We will help you refine your existing fraud and identity management processes to ensure that your organization meets the FFIEC’s expectations.
Recent Articles on the FFIEC guidelines
FFIEC Authentication Guidance: The Case for Knowledge-Based Authentication
The latest guidance issued by the Federal Financial Institutions Examination Council draws a clear distinction between the types of knowledge-based authentication available - from static challenge questions, such as those derived from customer enrollment information, to dynamic KBA sessions that serve as part of more complex out-of-wallet identity verification procedures. This article explores the differences between static questions and dynamic KBA sessions.
Risk-Based Authentication: A Vital Component in Ensuring FFIEC Compliance
The Federal Financial Institutions Examination Council (FFIEC) released a supplement to the "Authentication in an Internet Banking Environment" guidance, originally published in 2005. Within this update are "Specific Supervisory Expectations" related to an overall "General Supervisory Expectation" that institutes a "system of layered security." The specific expectations include, but are not limited to, conducting risk assessments at least every 12 months, customer authentication for high-risk transactions and layered security programs.
FFIEC Guidelines: Catching Up to Best Practices in Device Identification and Identity Verification
The latest guidance issued by the Federal Financial Institutions Examination Council (FFIEC) is asking U.S. financial institutions to mitigate risk using a variety of processes and technologies, employed in a layered approach. More specifically, businesses must move beyond simple device identification - such as IP address checks, static cookies and challenge questions derived from customer enrollment information - to more complex device identification and more complex out-of-wallet identity verification procedures.
How big of a problem is first-party fraud?
First-party fraud, defined as fraud that occurs when consumers apply for credit with no intention of repaying funds, represents as much as 25% of total U.S. consumer credit card charge-offs and continues to outpace third-party fraud such as that associated with data breaches and card skimming.