Council revises digital banking risk guidance

(Aug. 13, 2021) Revised guidance on effective authentication and access risk management principles and practices related to digital banking services and information systems was issued this week by NCUA and other federal financial institution regulators.

The guidance, issued by the regulators as FFIEC members (including the State Liaison Committee (SLC)), replaces direction issued in 2005 and 2011 on Internet-based services, focusing not only on customer access but also access by employees and third parties, the exam council said.

“This Guidance acknowledges significant risks associated with the cybersecurity threat landscape that reinforce the need for financial institutions to effectively authenticate users and customers to protect information systems, accounts, and data,” the guidance states in its introduction. “The Guidance also recognizes that authentication considerations have extended beyond customers and include employees, third parties, and system-to-system communications.”

The exam council said the revised guidance:

  • Highlights the current cybersecurity threat environment including increased remote access by customers and users, as well as raids that leverage compromised credentials; and mentions the risks arising from push payment capabilities.
  • Recognizes the importance of the financial institution’s risk assessment to determine appropriate access and authentication practices to determine the wide range of users accessing financial institution systems and services.
  • Supports a financial institution’s adoption of layered security and underscores weaknesses in single-factor authentication.
  • Discusses how multi-factor authentication or controls of equivalent strength can more effectively mitigate risks.
  • Includes examples of authentication controls, and a list of government and industry resources and references to assist financial institutions with authentication and access management.

LINK:

FFIEC Issues Guidance on Authentication and Access to Financial Institution Services and Systems

Related topics: , ,

Related News

TransUnion Report: 2024 State of Omnichannel Fraud

Trends and insights for enabling trusted commerce Global digital transaction growth following the pandemic pushed fraud to new heights in 2023. Identity-based fraud is accelerating as cybercriminals harvest more stolen…

News Klarna to launch credit card offering in the US “over the next few months”

Following successful debuts in Europe, Swedish buy now, pay later (BNPL) firm Klarna is now preparing to extend its credit card offering to consumers in the US. Klarna Card to launch in…

CFPB Takes Action to Stop Illegal Junk Fees in Mortgage Servicing

Homeowners forced to pay for “services” that were prohibited or unauthorized. The Consumer Financial Protection Bureau (CFPB) today published an edition of Supervisory Highlights describing the agency’s actions to combat junk fees…