You are here

Turning Up The Heat: The FFIEC Spells Out Authentication Guidelines for Online Banking

Turning Up The Heat: The FFIEC Spells Out Authentication Guidelines for Online Banking

The latest guidelines on acceptable approaches to user authentication will place an additional burden on banks. But Aite Group believes that institutions have ample time to diligently identify risks and analyze possible solutions to reduce those risks. In

By Eva Weber

Boston, MA, December 2, 2005 – According to a new report from Aite Group, LLC, the new guidance from the Federal Financial Institutions Examination Council (FFIEC) on authentication of online banking users should not raise many issues for banks. While the guidance does raise expectations on banks for protection of their customers, it does not present banks with extremely tight timelines, nor does it prescribe technologies that banks would find problematic.

"The guidance is light on specifics, but heavy on process," according to Eva Weber, Aite Group analyst and the author of the report. "It doesn't spell out exactly what banks have to do, which is good news because banks of different sizes have different needs and work with different sets of constraints," Weber says. But, she adds, "it indicates that regulators want banks to be able to tell a story about what they are doing to address security concerns, and why."

Weber notes that the guidance will require banks to adopt multi-factor authentication methods, which means that banks will have to evaluate various technologies. "The trick will be maintaining customer convenience, which is the heart of online banking," Weber says. "And that raises interesting questions about consumer adoption of the various authentication technologies now available."

The report provides an historical perspective on the FFIEC's efforts to understand user authentication issues, and it summarizes key technologies that are being developed to meet growing demands. It highlights adoption and cost considerations that banks will have to balance if they are to satisfy regulatory requirements while providing consumers with the online banking services that they've come to expect. It also provides a simplified cost model that banks can use to better understand the potential impact of common enhanced authentication methods.

This is a 21-page Impact Note. Clients of Aite Group's Fraud & AML service can download the report.