What The FFIEC Is Doing to Protect You and Your Bank

FFIEC is the Federal Financial Institutions Examination Council which is a government body empowered to prescribe uniform principles, standards and report forms for the federal examination of financial institutions by and for numerous other government, public, private and financial entities.

If there is a “good” place for your tax dollars to head, it’s to the FFIEC. And very recently the FFIEC has issued updated guidelines for financial institutions in regards to their cyber security and new threats your bank needs to counter.

Over the past decade as we have all (mostly) have banked and bought stuff online, criminals have formed organized web mobs to sniff out transactions and take over existing accounts and in some cases open up new accounts.

The FFIEC has certainly pointed this out and at the same time has made additional security recommendations since the last time they did in 2005 based on new kinds of criminal hacking and new technologies to combat it.

Hacking in its many forms involves compromising a system from numerous vantage points. A network can be hacked from the inside by an employee or former employee with credentialed access or from the outside by seeking vulnerabilities in a networks technology. But more often hacking takes place when an account holders access such as username and passwords are compromised.

To defend against all of these hacks the FFIEC recommends to financial institutions what’s called a “layered approach” of anti-fraud tools and techniques to combat crime. Meaning it’s not simply a matter of applying a firewall and having anti-virus to protect the network, but going much deeper in protecting many interaction points within the banking site (not just login) and using a variety of proven fraud prevention solutions.

That includes sophisticated methods of identifying devices and knowing their reputation (past and current behavior and other devices they are associated with) the moment they touch the banking website. The FFIEC has recognized complex device identification strategies as a viable solution that’s already proven strong at very large financial institutions. ReputationManager360 by iovation leads the charge with device reputation encompassing identification and builds on device recognition with real-time risk assessment, uniquely leveraging both the attributes and the behavior of the device.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)