عنوان فارسی مقاله: FFIEC ارشاد احراز هویت مشتری: احراز هویت در محیط اینترنت بانکداری
عنوان انگلیسی مقاله:
فهرست مطالب
FFIEC Customer Authentication Guidance: Authentication in an Internet Banking Environment
About the Speaker
Discussion Topics
Overview of the FFIEC
Evolution of the Guidance
Evolving Cybercrime Landscape
Objectives of the Guidance
Layered Security Approach
Multi-Factor Authentication
Multi-Factor Authentication Examples
Effective Layered Controls
Establishing Effective Layered Controls
Risk Assessments
Recent Court Cases
New FFIEC Working Group
بخشی از مقاله
Establishing Effective Layered Controls
A well designed control framework does not always mean that effective controls are in place:
Effective authentication should have customer acceptance, reliable performance (with formally established policies and procedures), scalability to accommodate growth, interoperability with existing systems and future plan.
Effective Layered controls must have quality substance, not just the form of a control.
Challenge questions that are overused, or publically obtainable knowledge are not considered effective (eg. mother’s maiden name, high school the customer graduated from, year of graduation from college, etc). Utilization of sophisticated “out-of-wallet” questions along with “red herring” questions is considered effective.
Simple device identification (cookie based) and geolocation can be circumvented through the use of copying cookie files and proxies. Use of “one time” cookies and more complex digital fingerprints are considered to be effective tools.
کلمات کلیدی:
OCC: Authentication in an Internet Banking Environment: Supplementhttps://www.occ.treas.gov/news-issuances/bulletins/2011/bulletin-2011-26.htmlJun 28, 2011 - The financial regulatory agencies have issued a supplement to 2005 guidance on authentication in an Internet banking environment.[PDF]Authentication in an Internet Banking Environment - Board of ...https://www.federalreserve.gov/boarddocs/srletters/2005/SR0519a1.pdfAuthentication in an Internet Banking Environment. Purpose. On August 8, 2001, the FFIEC agencies[See Footenote1](agencies) issued guidance entitled ...FDIC: FIL-103-2005: Authentication in an Internet Banking Environmenthttps://www.fdic.gov/news/news/financial/2005/fil10305.htmlOct 12, 2005 - Summary: The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance, “Authentication in an Internet ...Supplement to Authentication in an Internet Banking Environment The ...https://conetrix.com/.../supplement-to-authentication-in-an-internet-banking-environ...Jan 1, 2012 - On June 28 of 2011, the FFIEC published a Press Release titled "Supplement to Authentication in an Internet Banking Environment." In the ...FFIEC Supplement to Authentication in an Internet Banking Environmenthttps://www.finra.org/.../ffiec-supplement-authentication-internet-banking-environme...FFIEC Supplement to Authentication in an Internet Banking Environment. FFIEC Supplement to Authentication in an Internet Banking Environment · Securities ...Searches related to Authentication in an Internet Banking Environmentsupplement to authentication in an internet banking environmentauthentication in an internet banking environment 2005ffiec authentication guidance 2014ffiec authentication guidance 2016authentication in an internet banking environment 2013authentication in an internet banking environment 2012authentication in an internet banking environment 2016ffiec password guidelines