Highlights:
- Financial institutions offering Internet-based products and services should use effective methods to authenticate the identity of customers using those products and services.
- Single-factor authentication methodologies may not provide sufficient protection for Internet-based financial services.
- The FFIEC agencies consider single-factor authentication, when used as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.
- Risk assessments should provide the basis for determining an effective authentication strategy according to the risks associated with the various products and services available to on-line customers.
- Customer awareness and education should continue to be emphasized because they are effective deterrents to the on-line theft of assets and sensitive information.
Distribution:
FDIC-Supervised Banks (Commercial and Savings)
Suggested Routing:
Chief Executive Officer
Chief Information Security Officer
- FIL-66-2005, Guidance on Mitigating Risks From Spyware, issued July 22, 2005
- FIL-64-2005, Guidance on How Financial Institutions Can Protect Against Pharming Attacks, issued July 18, 2005
- FIL-27-2004, Guidance on Safeguarding Customers Against E-Mail and Internet Related Fraud, issued March 12, 2004
- FFIEC Information Security Handbook, issued November 2003
- Interagency Informational Brochure on Phishing Scams, contained in FIL-113-2004, issued September 13, 2004
- Putting an End to Account-Hijacking Identity Theft, FDIC Study, issued December 14, 2004
- FDIC Identity Theft Study Supplement on Account-Highjacking Identity Theft, issued June 17, 2005
Note:
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/financial-institution-letters/2005/index.html.
To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.
Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).