Security

Payments News: FFIEC Internet Banking Guidance: Banks Begin to Show Their Hands

 Courtesy of PaymentNews, here is their review of FFIEC Internet Banking security guidance to date. 

Its notable the mix of solution, and the large banks have multiple solutions to address risk management, and well as specific authentication mechanisms, such as RSA tokens, or RSA/ Passmark.

Table 1 – Publicly Announced Implementations in response to FFIEC Guidance on Internet Banking

Bank Date, Component Source, Vendor
Wells Fargo
Jim Smith, EVP, Internet Channel and Products
“No one solution can solve the problem; we favor a layered security approach”		 8/28/06 WFB Press Release
  Real Time Risk Analysis Bharosa
  Integrated Data Quova
  Transaction and Session Behavior Actimize
  OTP RSA SecureID
  Account alerts to e-mail  
  Phish Report Network Symantec
  PR: “Be Safe”  
AMSouth Bank 8/27/06 Birmingham News
  Device ID + QA + Picture vendor not named
Zions Bank
Lee Carter, President of Online Banking
Suite called “SecureEntry”		 8/23/06 Zions/RSA Webcast
  Device ID RSA Adaptive Authentication
  Two-way authentication  
  Challenge questions  
  Client selected photo and phrase  
ING Direct 8/23/06 RSA Webcast
  Risk-based Authentication (DeviceID; Questions) RSA
  Anti-Phishing RSA
  7/27/06 Arcot Press Release
  Mutual Authentication Arcot
Washington Mutual 8/23/06 RSA Webcast
  Anti-Phishing RSA
  Risk-based Authentication (DeviceID; Questions) RSA
Barclay’s 8/23/06 RSA Webcast
  Anti-Phishing RSA
  Transaction Monitoring RSA
North Fork Bank / All Points Capital 8/23/06 Press Release
  Multi-factor authentication w software smartcard Arcot
US Bank 8/23/06 Entrust Press Release
  Activity Patterns Entrust / Business Signatures
Citibank 8/23/06 Entrust Press Release
  Activity Patterns Entrust / Business Signatures
Nevada State Bank 8/8/06 Press Release
  Mutual Authentication RSA / Passmark
Frost Bank 8/4/06 Bank Technology News
  Consumer: Mutual Authentication RSA/Passmark
  Commercial: PKI Signatures tbd
Silicon Valley Bank 7/31/06 Bharosa Press Release
  Fraud detection Bharosa
Desert Schools FCU 7/25/06 Bharosa Press Release
  Fraud detection Bharosa
  Multi-factor authentication Bharosa
Bank of America 2005  
  Mutual Authentication RSA / Passmark
E*Trade 2005  
  OTP RSA SecureID
  Risk-based Authentication (Device ID; Questions) RSA
  Anti-Phishing RSA

 

Source: Payments News: FFIEC Internet Banking Guidance: Banks Begin to Show Their Hands – September 01, 2006

 

tags: ,