Resources

Guidance

  • FFIEC: 2005 Authentication in an Internet Banking Environment

    The FFIEC in 2001 issued guidance entitled "Authentication in an Electronic Banking Environment." In 2005, the FFIEC updated that guidance and replaced it with the new 2005 version, which specifically addresses why financial institutions regulated by the agencies should conduct risk-based assessments, evaluate customer awareness programs, and develop security measures to reliably authenticate customers who are remotely accessing Internet-based financial services.

  • FFIEC: 2006 FAQs

    This list of frequently asked questions aims to clarify authentication guidance issued by the FFIEC in 2005, an update to the 2001 guidance, "Authentication in an Electronic Banking Environment." The FAQs address the need for risk-based assessments, customer awareness and enhanced security measures to authenticate customers using Internet-based products and services that process high-risk transactions involving access to customer information or the movement of funds to other parties.

  • FFIEC: 2010 Draft: Interagency Supplement to Authentication in an Internet Banking Environment

    This draft version of a supplement to the FFIEC's 2005 online authentication guidance aims to reinforce the need for a risk management framework and update the FFIEC agencies' expectations in 2010, as they relate to customer authentication, layered security and/or other controls that touch the online environment.

Association and Industry Memos

  • 2011: BITS Fraud Reduction Library

    This library is compiled by BITS, a division of the Financial Services Roundtable, and includes publicly available reports and documents that touch on fraud-related issues. This page is periodically updated and includes fraud-related information.

  • 2009: BITS: E-mail Sender Authentication Deployment: Best Practices and Considerations for Financial Institutions

    This publication of the BITS Security Program was developed in partnership with eCert. "The Email Sender Authentication Deployment: Best Practices and Considerations for Financial Institutions" is intended to contribute to the body of information on security for financial-services e-mail. It is designed to support improvements in the e-mail security channel through the use of authentication as a foundational tool to reduce e-mail fraud, such as phishing. This publication builds on "BITS Email Security Toolkit: Protocols and Recommendations for Reducing the Risks," which was published in April 2007.

  • 2011: NACHA: The Evolution of Risk Management in the ACH Network

    NACHA, The Electronic Payments Association, works with ACH participants to take action and preventative steps to address and stop ACH-related corporate account takeover fraud. In this paper, Elliott McEntee, CEO of Payment Advisory Service LLC, a consulting business that specializes in electronic payments, discusses some of NACHA's efforts to curb fraud, highlighting NACHA's call for new risk management procedures, risk-based rules and industry communication.

  • 2011: NIST: White House Launches Plan to Create a Trusted 'Identity Ecosystem' for On-Line Commerce

    In spring 201, the Obama Administration formally launched its National Strategy for Trusted Identities in Cyberspace (NSTIC), a plan to work with the private sector to develop a private market for secure identity credentials for the Internet. The plan calls for the establishment of an "Identity Ecosystem," a system by which consumers can choose to obtain "trusted" IDs from one or more private or public credential providers. Consumers can then use those credentials to prove their identity when carrying out sensitive transactions, such as banking. The NSTIC system would work by creating a set of standards for privacy protection and interoperability of online credentials based on cryptography and other techniques, such as multifactor authentication.

  • 2011: CUNA: ACH Security Framework

    In March 2011, the Credit Union National Association submitted a comment to NACHA regarding NACHA's proposed framework to provide additional security for sensitive ACH data. CUNA is the largest credit union advocacy organization in the United States, representing approximately 90 percent of the country's 7,600 state and federal credit unions, which serve 93 million members.

  • 2011: FS-ISAC: Fraud Advisory for Businesses: Corporate Account Take Over

    The Financial Services Information Sharing and Analysis Center (FS-ISAC), along with the Federal Bureau of Investigation and the Internet Crime Complaint Center (IC3) in 2011 released this publication about how institutions should address growing threats posed by incidents of corporate account takeover. The publication was created as part of a joint effort between the three aforementioned agencies and the United States Secret Service. Other FS-ISAC resources may be found on FS-ISAC's resource page: http://www.fsisac.com/news/index.php.

Research

  • 2010: The Faces of Fraud: Fighting Back

    In this exclusive video from RSA Conference 2011, see results and analysis from the Faces of Fraud survey presented by Tom Field, Editorial Director of Information Security Media Group. This overview also includes a first-hand account of how U.S. law enforcement is fighting fraud internationally, as presented by Stephen Nix of the U.S. Secret Service.

  • 2010: The Faces of Fraud: How to Counter 2011's Biggest Threats

    Payment card breaches, check fraud and phishing/vishing are some of the most common forms of fraud striking banking institutions in today's market. In this first-time fraud survey conducted by BankInfoSecurity.com, we evaluate those trends, complementing the survey findings with commentary from a distinguished panel of fraud experts.
