FFIEC is the Federal Financial Institutions Examination Council which is a government body empowered to prescribe uniform principles, standards and report forms for the federal examination of financial institutions by and for numerous other government, public, private and financial entities.
If there is a “good” place for your tax dollars to head, it’s to the FFIEC. And very recently the FFIEC has issued updated guidelines for financial institutions in regards to their cyber security and new threats your bank needs to counter.
Over the past decade as we have all (mostly) have banked and bought stuff online, criminals have formed organized web mobs to sniff out transactions and take over existing accounts and in some cases open up new accounts.
The FFIEC has certainly pointed this out and at the same time has made additional security recommendations since the last time they did in 2005 based on new kinds of criminal hacking and new technologies to combat it.
Hacking in its many forms involves compromising a system from numerous vantage points. A network can be hacked from the inside by an employee or former employee with credentialed access or from the outside by seeking vulnerabilities in a networks technology. But more often hacking takes place when an account holders access such as username and passwords are compromised.
To defend against all of these hacks the FFIEC recommends to financial institutions what’s called a “layered approach” of anti-fraud tools and techniques to combat crime. Meaning it’s not simply a matter of applying a firewall and having anti-virus to protect the network, but going much deeper in protecting many interaction points within the banking site (not just login) and using a variety of proven fraud prevention solutions.
That includes sophisticated methods of identifying devices and knowing their reputation (past and current behavior and other devices they are associated with) the moment they touch the banking website. The FFIEC has recognized complex device identification strategies as a viable solution that’s already proven strong at very large financial institutions. ReputationManager360 by iovation leads the charge with device reputation encompassing identification and builds on device recognition with real-time risk assessment, uniquely leveraging both the attributes and the behavior of the device.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Banks Sues Client Over Wire Fraud
Banks usually have relatively secure systems to maintain and protect online banking activities. They’ve spent billions to ensure that criminal hackers don’t liquidate all of our accounts. But criminals spend all their time seeking vulnerabilities and often find some way to make a fraudulent withdrawal. Over the past decade as we have all (mostly) banked and
- Banking Security Guidelines Go Into Effect in January 2012
As banking applications evolve, common attacks on banks are becoming correspondingly more sophisticated. Small businesses, municipalities, and moneyed individuals are often targeted for obvious reasons: they have hundreds of thousands of dollars, if not a few million, in the bank, but their security is often no more effective than that of an average American household. The
- Why Complex Device Identification Isn’t Enough
“Simple device identification” relies on cookies or IP addresses to confirm that a customer is logging in from the same PC that was used to create the account. The Financial Federal Institutions Examination Council has explained the fallibility of this system: “Experience has shown this type of cookie may be copied and moved to a fraudster’s PC, allowing
- FFIEC Mandates “System Of Layered Security” to Combat Fraud
For any cave-dwelling, living-under-a-rock, head-in-the-sand, naïve, under-informed members of society who aren’t paying attention, we have serious cyber-security issues on our hands. Black hat hackers, who break into networks to steal for financial gain, are wreaking havoc on banks, retailers, online gaming websites, and social media. Black hats cost these companies and their clients billions of dollars every year. They
- The FFIEC Wants You to Know…
The Federal Financial Institutions Examination Council recently released a supplement to the guide it issued in 2005, on authentication in an Internet banking environment. One of the FFIEC’s key recommendations for eliminating fraud is consumer awareness and education. At some level, you may be aware that financial institutions have a layered security approach in place. Those layers include
Leave a Comment
You must be logged in to post a comment.