FFIEC Agency Supplement to Authentication in an Internet Banking Environment http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf.
Presentation transcript:

FFIEC Agency Supplement to Authentication in an Internet Banking Environment http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf Released: June 2011

Risk Assessment Review and Update
Review and update the risk assessment:
- As new information becomes available
- Prior to implementing new services
- At least every 12 months
Consider the following:
- Changes in the threat environment
- Changes in the membership base
- Changes in functionality
- Actual incidents of breach and fraud

High-Risk Transactions
Defined as: electronic transactions involving access to member information or the movement of funds to other parties. Not every online transaction poses the same level of risk.
- Consumer online banking: layered security
- Commercial online banking: layered security AND multifactor authentication

Layered Security
Effective controls include:
- Fraud detection and monitoring systems
- Use of dual member authorization
- Use of out-of-band verification
- Use of positive pay and debit blocks
- Enhanced controls over activities
- Blocking connections from IP addresses known for fraud
- Addressing member devices identified as compromised
- Enhanced control over maintenance activities
- Enhanced member education

Layered Security Programs
Detect and respond to suspicious activity:
- At initial log-in and authentication
- At initiation of transfers to other parties
Controls for admin functions (business accounts):
- Additional authentication routine

Effectiveness of Techniques
Device identification:
- Simple, e.g. cookies
- Sophisticated, e.g. digital fingerprint
Challenge questions:
- Basic questions
- Out-of-wallet questions
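The layered-security and device-identification slides above, as an added illustration (not from the FFIEC supplement or this presentation): a small Python policy check that applies those controls to constructed banking events. The names evaluate, Event and FRAUD_IPS are assumptions, and the fingerprint hash is a simplified stand-in for a commercial digital-fingerprint product.

```python
"""Layered-security decision logic for online banking events (illustrative)."""
from dataclasses import dataclass
import hashlib

# Constructed sample data: an IP address "known for fraud" (documentation range).
FRAUD_IPS = {"203.0.113.7"}


def device_fingerprint(user_agent: str, screen: str, timezone: str) -> str:
    """Sophisticated device ID: hash several stable browser attributes.

    Unlike a cookie, the value is derived from the device itself rather than
    stored on it. (Simplified; real products combine many more signals.)
    """
    raw = "|".join([user_agent, screen, timezone]).encode()
    return hashlib.sha256(raw).hexdigest()[:16]


@dataclass
class Event:
    account_type: str     # "consumer" or "commercial"
    action: str           # "login", "transfer" or "admin"
    third_party: bool     # funds move to another party
    ip: str
    device_fp: str        # fingerprint presented this session
    known_fps: frozenset  # fingerprints already enrolled for this member


def evaluate(ev: Event) -> dict:
    """Return the layered controls the supplement's categories call for:
    checks at log-in and at transfer initiation, stronger controls for
    commercial accounts, and an extra routine for admin functions."""
    controls = []
    # Block connections from IP addresses known for fraud.
    if ev.ip in FRAUD_IPS:
        return {"allow": False, "high_risk": True, "controls": ["block_fraud_ip"]}
    # An unrecognised device is treated as potentially compromised: verify out of band.
    if ev.device_fp not in ev.known_fps:
        controls.append("out_of_band_verification")
    # Movement of funds to other parties is a high-risk transaction.
    high_risk = ev.action == "transfer" and ev.third_party
    if high_risk:
        controls.append("fraud_monitoring")
        if ev.account_type == "commercial":
            controls += ["multifactor_authentication", "dual_authorization"]
    # Administrative functions on business accounts get an additional routine.
    if ev.action == "admin" and ev.account_type == "commercial":
        controls.append("additional_authentication")
    return {"allow": True, "high_risk": high_risk, "controls": controls}
```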

Member Awareness and Education
Increase awareness and mitigate risk; include business and personal account holders.
Include:
- Protections under Regulation E
- When the CU would contact a member for credentials
- A suggestion that commercial members perform a risk assessment
- Mechanisms to mitigate risk
- A list of CU contacts for members' use