Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Compliance

03:11 PM
Cory Levine
Connect Directly
RSS
E-Mail
50%
50%

A Word for the Authentication Stragglers

Cory Levine, Wall Street & Technology In just a few short weeks, stronger user authentication should be in place for the online financial services industry, or so the Federal Financial Institutions Examination Council (FFIEC) is hoping. According to research from Aite Group, the retail brokerage community should be ready for the FFIEC's

Cory Levine, Wall Street & Technology

In just a few short weeks, stronger user authentication should be in place for the online financial services industry, or so the Federal Financial Institutions Examination Council (FFIEC) is hoping. According to research from Aite Group, the retail brokerage community should be ready for the FFIEC's end-of-year deadline, but there's nothing like a little last-minute advice. Authentication solution provider Cogneto offers some things to think about before leaving for your holiday vacation.Cogneto made three recommendations for firms still considering how to meet FFIEC guidelines:

Information security programs must identify and assess the risks associated with Internet-based products and services: The FFIEC states that financial institutions complete an overall assessment of their current security requirements. Cogneto recommends that organizations look for a solution that will constantly assess the risk climate in which transactions are taking place. A system that continuously analyzes risk in real time will go a long way in helping organizations adapt to future threats.

Information security programs must identify risk mitigation actions, including appropriate authentication strength: The appropriate risk mitigation technique depends entirely on the environment in which a transaction is being conducted. Financial organizations should stay away from solutions that rely on a single method of authentication, and instead find solutions that take a consensus approach to security. Solutions that evaluate risk at multiple levels, each weighted differently depending on the situation, give financial institutions the power to adapt to ever-changing customer profiles and situations

Information security programs need to measure and evaluate customer awareness efforts: User education is key to successfully preventing social engineering attacks such as phishing. Technology alone cannot solve the problems of fraud and ID theft, and users must also learn how they can play their part in the security process. Financial institutions should implement solutions that not only protect users, but also provide them with tools that will allow them to better protect themselves. Interactive help and educational components help should be a part of any FFIEC-compliant security solution.

Register for Wall Street & Technology Newsletters
Video
All Videos
Slideshows
Stressed Out by Compliance, Reputational Damage & Fines?
Stressed Out by Compliance, Reputational Damage & Fines?
Financial services executives are living in a "regulatory pressure cooker." Here's how executives are preparing for the new compliance requirements.
More Slideshows