Federal regulators last week issued new Internet banking standards that will require adoption of stronger authentication methods by the end of next year.
The Federal Financial Institutions Examination Council (FFIEC) said the industry needs to adopt more than just single-factor authentication for online banking in order "to reduce fraud, to inhibit identity theft, and to promote the legal enforceability of their electronic agreements and transactions." Government auditors are expected to begin evaluating banks for compliance with the new guidelines in 2007.
The FFIEC, which includes the Federal Reserve System, the Federal Deposit Insurance Corp. and the National Credit Union Administration, says it considers single-factor authentication alone "to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties."
In security parlance, factors are considered to be something you know, such as a password; something you have, such as a hardware token; and something you are, such as the unique print of your finger or the iris of your eye.
The FFIEC guidance lists a variety of factor possibilities, including USB token hardware, smart cards, password-generating tokens, as well as an assortment of biometrics. The FFIEC says it doesn't favor any particular method.
Banks and credit unions are starting to adopt stronger authentication, but are far from handing out tokens and capturing fingerprints and facial scans.
Bank of America, for example, is close to completing its nationwide rollout of SiteKey, based on technology from Passmark Security, which asks the online customer to select an image and personal phrases to share in challenge-and-response fashion. This validates that the bank's Web site is real and provides an extra measure of security if a customer's ID and password are stolen.
"At first we considered it an option for customers but now we've decided to make it a requirement," says Sanjay Gupta, e-commerce executive at Bank of America. "We want our customers to have strong protection."
But few banks have adopted hardware tokens or biometrics for widespread use in Internet banking.
U.S. Bancorp uses VeriSign's tokens in its high-end commercial banking operations. Tokens are in more prevalent use among European banks, such as Credit Suisse Group and Netherlands-based bank Rabba.