The Federal Financial Institutions Examination Council (FFIEC), a formal government interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions, recently issued a supplement to the 2005 document “Authentication in an Internet Banking Environment” effective January 2012. The FFIEC has acknowledged that cybercrime is increasing and financial institutions need to increase their security and that of their customers.
Specifically the FFIEC states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein.”
This means the simple “username/password” combination for accessing your online banking is ineffective. And that banks should “adjust their customer authentication controls as appropriate in response to new threats to customers’ online accounts” and “financial institutions should implement more robust controls as the risk level of the transaction increases.”
The FFIEC’s previous statement implies it is encouraging the use of dual customer authorization typically seen when using digital security devices including smartcards and password generating key fobs.
This is where multifactor authentication comes in. Multifactor is generally something the user knows like a password plus something the user has like a smart card and/or something the user is like a fingerprint. In its simplest form, it is when a website asks for a four digit credit card security code from a credit card, or if our bank requires us to add a second password for our account.
Some institutions offer or require a key fob that provides a changing second password (one-time password) in order to access accounts, or reply to a text message to approve a transaction. All of this extra security is good for you.
Like Mom used to say, “Broccoli: like it or not, it’s for your own good.”
These measures provide layers of protection, which allow you to enjoy the convenience of online services with minimal risk. The benefits of logging in online and adding an extra code is far more convenient than schlepping all the way to the bank in person.
Robert Siciliano, personal security expert contributor to Just Ask Gemalto.