The Deadline for FFIEC compliance looms, yet many have yet to decide

Jonathan Penn at Forrester makes the point that many US banks have yet to make the decision on their two-factor approach.

Forrester Research: The State Of FFIEC Compliance: Indecision And Worry

At the half-way point toward the deadline for FFIEC compliance, most banks have not yet acted on selecting, much less implementing, solutions to strengthen online authentication.

I would make the additional observation that the large banks have made their decisions, and it's the smaller ones that (generally) have yet to make the move. There are some good reasons, but not good enough to wait, in my view. In fact, the following reasons are all the more reason to move now, and then let the vendors sort themselves out. The eventual winners are now clear.

When it comes to picking a technology to improve online security, banks are reluctant to pull the trigger because they are cautious about making changes to the customer’s online experience, concerned about the effectiveness and uncertainty of new technologies, and worried about the viability and support capabilities of new vendors.

RSA Security, with its recent acquisitions of Cyota and PassMark, is now the leader in this market, with VeriSign and Entrust the strongest contenders at this time. To capitalize on the short-term opportunities and compete effectively against RSA, we will see a flurry of acquisitions, and the market will move toward solutions that coordinate risk monitoring with strong authentication.

Relevance to Bankwatch:
It's important to have a security model, and not wait for the industry to develop it for you; otherwise you are always playing catch-up.
