CHAPTER 12: FFIEC
US banks were required to comply, by December 2006, with an updated set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC)6 and called ‘Authentication in an Internet Banking Environment’.
FFIEC requires multi-factor authentication (‘MFA’) because single-factor authentication (‘SFA’) has proven inadequate against the tactics of increasingly sophisticated hackers, particularly on the internet. In MFA, more than one form of authentication is used to verify the legitimacy of a transaction. In contrast, SFA involves only a user ID and password.
Authentication methods that can be used in MFA include biometric verification such as finger scanning, iris recognition, ...
Get IT Regulatory Compliance in North America now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
