AUTHENTICATION IN AN INTERNET ENVIRONMENT Dominick E. Nigro NCUA Information Systems Officer.
Reason For Guidance
- Changes to privacy and security regulations
- Increased incidents of identity theft and fraud
- Inadequate authentication methods contribute to identity theft and fraud
- Advances in authentication technology

Why Effective Authentication?
- Safeguard member information
- Reduce fraud and identity theft
- Prevent money laundering and terrorist financing
- Promote the legal enforceability of electronic agreements and transactions
- Reduce the risk of doing business with unauthorized individuals

What does NCUA expect?
- Assess the authentication risks associated with Internet-based services
- Assess the effectiveness of the authentication methodology
- Implement, or review, a program to monitor systems
- Determine whether reporting policies and procedures are in place for when unauthorized access occurs
- Evaluate the member awareness program

Authentication Risk Assessment
- Identify all access and transactions associated with Internet-based products and services
- Determine whether the Internet-based services provide high-risk transactions (the guidance treats access to member information and the movement of funds to other parties as high risk)
- Identify the authentication methods used for the Internet-based services
- Determine the effectiveness of those authentication methods for the high-risk transactions

Member Account Authentication
If the risk assessment identifies inadequate authentication for high-risk transactions, strengthen it with one or more of:
- Multifactor authentication
- Layered security
- Other controls

Authentication Methods
- Multifactor authentication: two or more factors from different categories
  - Something the user knows (PIN or password)
  - Something the user has (smart card or token)
  - Something the user is (biometrics, e.g. a fingerprint)
  Two controls from the same category, such as a password plus a challenge question, do not make a second factor.

Authentication Methods
- Layered security: multiple controls at multiple control points, so that the failure of any single control does not by itself expose the transaction
- Other controls: technology and controls that are emerging or that may be introduced in the future
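The two slides above describe the factor categories and the idea of requiring stronger authentication only where the risk assessment finds a high-risk transaction. The block below is an added example and is not code from the NCUA presentation: it checks a "something the user knows" factor (a password against a salted PBKDF2 hash) and a "something the user has" factor (an RFC 6238 time-based one-time password from a token), and applies a layered decision in which a low-risk action passes on the password alone while a funds transfer at or above a hypothetical dollar threshold also needs the one-time code. The iteration count, the threshold, the member record and the token secret (the RFC 6238 test key, base32-encoded) are assumptions constructed for the demo.

```python
"""Two-factor login check with step-up for high-risk transactions.

Added example, not from the NCUA presentation. Factor 1 ("something the
user knows") is a password checked against a salted PBKDF2 hash. Factor 2
("something the user has") is an RFC 6238 time-based one-time password
from a token the member carries. authorize() applies layered security:
the password alone clears a low-risk action, while a transfer at or above
a hypothetical dollar threshold also requires the one-time code. The user
record, secret and threshold are constructed for the demo.
"""
import base64
import hashlib
import hmac
import os
import struct
import time
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000      # assumption: OWASP's 2023 figure for PBKDF2-HMAC-SHA256
TOTP_STEP_SECONDS = 30
HIGH_RISK_TRANSFER_USD = 1_000   # assumption: set by the institution's own risk assessment


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh 16-byte random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)   # constant-time: no early exit on mismatch


def totp(secret_b32: str, at_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the scheme common authenticator tokens use."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", at_time // TOTP_STEP_SECONDS)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # RFC 4226 dynamic truncation
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def verify_totp(secret_b32: str, code: str, now: int, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to tolerate token clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        candidate = totp(secret_b32, now + drift * TOTP_STEP_SECONDS)
        ok |= hmac.compare_digest(candidate, code)   # check every step; no timing shortcut
    return ok


def authorize(user: dict, password: str, code: Optional[str],
              action: str, amount_usd: float, now: int) -> Tuple[bool, str]:
    """Layered decision: password for everything, password + token for high-risk transfers."""
    if not verify_password(password, user["salt"], user["pw_hash"]):
        return False, "password rejected"
    high_risk = action == "transfer" and amount_usd >= HIGH_RISK_TRANSFER_USD
    if not high_risk:
        return True, "low-risk action: single factor sufficient"
    if code is None or not verify_totp(user["totp_secret"], code, now):
        return False, "high-risk transaction: valid one-time code required"
    return True, "high-risk transaction: both factors verified"


def demo_user(password: str = "correct horse battery staple") -> dict:
    """Constructed member record; the secret is the RFC 6238 test key, base32-encoded."""
    salt, pw_hash = hash_password(password)
    return {"salt": salt, "pw_hash": pw_hash,
            "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}


if __name__ == "__main__":
    user = demo_user()
    now = int(time.time())
    code = totp(user["totp_secret"], now)        # what the member's token would display
    print(authorize(user, "correct horse battery staple", None, "balance", 0, now))
    print(authorize(user, "correct horse battery staple", None, "transfer", 5_000, now))
    print(authorize(user, "correct horse battery staple", code, "transfer", 5_000, now))
```

The drift window is the usual trade-off: one step either side keeps tokens with slightly skewed clocks usable but triples the number of codes accepted at any instant, so an institution would pair it with an attempt counter per account rather than widen the window further.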

Monitoring Systems
- Detection of unauthorized access
- Implement audit procedures that assist in detecting
  - Fraud
  - Money laundering
  - Compromised passwords
  - Other unauthorized activity
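The slide lists what audit procedures should help detect but not what such a review looks like. The block below is an added example, not code from the NCUA presentation, covering two of the listed indicators over constructed audit lines in a hypothetical key=value format: one source address failing logins against many distinct member accounts inside a short window (the password-guessing pattern that produces compromised passwords), and a member's successful login from an address never seen for that member followed within minutes by a large transfer (an account-takeover pattern worth a fraud review). The log format, the member IP history, the addresses (RFC 5737 documentation ranges) and the thresholds are assumptions; an institution would set the thresholds from its own risk assessment.

```python
"""Audit-log review for unauthorized-access indicators.

Added example, not from the NCUA presentation. Two detections run over
constructed audit lines in a hypothetical key=value format:
  1. password spray: one source IP fails logins against many distinct
     accounts within a short window;
  2. takeover: a successful login from an IP the member has never used,
     followed soon after by a transfer above a threshold.
Thresholds, log format and IP history are assumptions for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set

SPRAY_ACCOUNTS = 5                       # assumption: distinct accounts failed from one IP ...
SPRAY_WINDOW = timedelta(minutes=10)     # ... within this window
TAKEOVER_AMOUNT_USD = 2_000.0            # assumption: transfer size that triggers review
TAKEOVER_WINDOW = timedelta(minutes=15)  # assumption: login-to-transfer gap that looks scripted

# Constructed sample log: RFC 5737 documentation addresses, fictitious members.
SAMPLE_LOG = """\
2006-03-01T09:00:01 event=login ip=198.51.100.5 user=alice result=ok
2006-03-01T09:01:10 event=login ip=203.0.113.7 user=bob result=fail
2006-03-01T09:01:12 event=login ip=203.0.113.7 user=carol result=fail
2006-03-01T09:01:15 event=login ip=203.0.113.7 user=dave result=fail
2006-03-01T09:01:18 event=login ip=203.0.113.7 user=erin result=fail
2006-03-01T09:01:21 event=login ip=203.0.113.7 user=frank result=fail
2006-03-01T09:01:25 event=login ip=203.0.113.7 user=frank result=ok
2006-03-01T09:05:40 event=transfer ip=203.0.113.7 user=frank amount=4500
2006-03-01T10:30:00 event=login ip=198.51.100.5 user=alice result=ok
2006-03-01T10:31:00 event=transfer ip=198.51.100.5 user=alice amount=3000
"""

# Constructed IP history per member (what a real system would keep from prior sessions).
KNOWN_IPS: Dict[str, Set[str]] = {"alice": {"198.51.100.5"}, "frank": {"192.0.2.44"}}


def parse(log_text: str) -> List[dict]:
    """Turn 'TIMESTAMP key=value ...' lines into dicts with a datetime under 'ts'."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        rec = {"ts": datetime.fromisoformat(ts)}
        for pair in pairs:
            key, _, value = pair.partition("=")
            rec[key] = value
        records.append(rec)
    return records


def detect_password_spray(records: List[dict]) -> List[dict]:
    """Source IPs whose failed logins touch >= SPRAY_ACCOUNTS distinct users within SPRAY_WINDOW."""
    fails = defaultdict(list)
    for r in records:
        if r["event"] == "login" and r["result"] == "fail":
            fails[r["ip"]].append(r)
    alerts = []
    for ip, events in fails.items():
        events.sort(key=lambda r: r["ts"])
        for i, start in enumerate(events):           # sliding window anchored on each failure
            window = [e for e in events[i:] if e["ts"] - start["ts"] <= SPRAY_WINDOW]
            users = {e["user"] for e in window}
            if len(users) >= SPRAY_ACCOUNTS:
                alerts.append({"ip": ip, "accounts": sorted(users), "first": start["ts"]})
                break                                 # one alert per IP is enough for review
    return alerts


def detect_takeover(records: List[dict], known_ips: Dict[str, Set[str]]) -> List[dict]:
    """Successful login from an IP outside the member's history, then a large transfer soon after."""
    alerts = []
    new_ip_logins = [r for r in records
                     if r["event"] == "login" and r["result"] == "ok"
                     and r["ip"] not in known_ips.get(r["user"], set())]
    for login in new_ip_logins:
        for r in records:
            gap = (r["ts"] - login["ts"]).total_seconds()
            if (r["event"] == "transfer" and r["user"] == login["user"]
                    and 0 <= gap <= TAKEOVER_WINDOW.total_seconds()
                    and float(r["amount"]) >= TAKEOVER_AMOUNT_USD):
                alerts.append({"user": login["user"], "ip": login["ip"],
                               "amount": float(r["amount"]), "seconds_after_login": gap})
    return alerts


def review(log_text: str = SAMPLE_LOG, known_ips: Dict[str, Set[str]] = KNOWN_IPS) -> dict:
    records = parse(log_text)
    return {"spray": detect_password_spray(records),
            "takeover": detect_takeover(records, known_ips)}


if __name__ == "__main__":
    for kind, alerts in review().items():
        for alert in alerts:
            print(kind, alert)
```

On the sample data the spray rule fires once for 203.0.113.7 and the takeover rule fires for frank only; alice's 3,000 transfer is not flagged because her login came from an address in her history, which is the kind of suppression that keeps a fraud queue reviewable.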

Reporting Requirements
Unauthorized access requires:
- Notifying management
- Notifying the NCUA Regional Director
- Notifying appropriate law enforcement
- Filing a Suspicious Activity Report (SAR)
- Notifying affected members, where warranted
See Appendix B to Part 748 of the NCUA Rules and Regulations (12 CFR Part 748), the guidance on response programs for unauthorized access to member information.

Member Awareness Programs
- Key to reducing fraud and identity theft
- Implement or revise the member awareness program
- Evaluate education efforts
- Identify additional efforts

Conclusion
- Assess the risk of Internet-based products and services
- Establish effective authentication methods
- Monitor systems for unauthorized access
- Report unauthorized access
- Notify members of unauthorized access, if warranted
- Educate members
- Complete the process by year-end 2006