Getting stronger

Last October, an obscure government body called the FederalFinancial Institutions Examination Council (FFIEC) issued asecurity guideline that banks are treating as a mandate. Startingin January 2007, financial institutions must provide consumers ofonline financial services the same protection enjoyed by customersusing a debit card to buy groceries or gas: strong authentication.

Strong means two or more types of identity verification in returnfor access. At the grocery store or gas station (or, for thatmatter, the ATM), those two factors are usually a plastic card anda pass code. Online banking, on the other hand, still primarilyworks with “weak” single-factor authentication: a password.

Strong authentication is meant to take a McGruffian bite out ofonline crime. And, on the surface, it appears that forcing banks toadd a second factor of authentication (such as a fingerprint or asmart card) to a password could improve the deteriorating state ofonline security. But experts say it’s not a slam dunk that a secondfactor would significantly reduce emerging risks. According tosecurity guru Bruce Schneier, “Two-factor authentication will forcecriminals to modify their tactics, that’s all.”

The timing of the requirement has little to do with recent consumeroutrage over identity theft. Michael Jackson, chairman of the FFIECIT subcommittee that drafted the directive, says the organizationdecided that authentication technology was finally good enough tomake a de facto mandate realistic.

Most banks expected this; some were planning two-factorauthentication initiatives anyway. Nevertheless, complying with theFFIEC’s order may place a significant burden on all but the largestbanks.

“To compete, we have to give away Internet banking for free andonline bill-paying for free,” says Gerald Rome, director of IT atFirst American Bank & Trust in Vacherie, La. “You can’t addthis and keep doing everything for free.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now