By Rahul AroraIn its new report, FFIEC has appreciated PhoneFactor (News - Alert) for its out-of-band authentication services that have enabled banks to meet new recommendations for layered security and stronger authentication. The report titled “FFIEC Guidance on "Authentication in an Internet Banking Environment” has recognized PhoneFactor that helps in authenticating online banking logins and verifying funds transfers, such as ACH, wire transfers, etc., through a completely out-of-band process using any ordinary phone. Moreover, it also identified emerging trends like biometrics and the use of dual controls, which PhoneFactor offers as well.
"The 2005 FFIEC Guidance pushed financial institutions to take important steps to protect their customers, but as threats have evolved, some financial institutions have failed to update their control mechanisms accordingly," said Tim Sutton, PhoneFactor CEO and co-founder, in a press release. "As a result, many of the security measures in place today are outdated and ineffective."
The report includes the concept of layered security approach introduced by FFIEC in response to threats like man-in-the-middle and keylogging. According to FFIE, the approach extends security controls beyond the initial login to include online banking transactions and administrative functions. The use of out-of-band verification for transactions was recommended as an effective control against these attacks. The report also says that Internet authentication has taken on a new level of importance given the preponderance of malware on customer PCs, which can defeat OTP tokens, device identification, challenge questions, and many other forms of strong authentication. In particular, closed loop methods that complete the authentication in the out-of-band channel are seen as offering a greater level of security.
"The updated FFIEC Guidance presents a view of the current threat landscape and the security controls that are successful in preventing online banking fraud today," said Sutton. "These changes, particularly transaction-level security and out-of-band authentication, set a new standard for banks and financial institutions and will substantially impact the way they approach online banking security going forward."
Rahul Arora is a TMCnet contributor. He has worked as an editor and freelance writer for several reputed organizations in India. To read more of his articles, please visit his columnist page.
Edited by Rich Steeves