Compliance Guru • FFIEC Guidance
By Tom Hinkel In Hot Topics

Mythbusting on-line security

As I write this (2/2011), we are expecting updated guidance from the FFIEC any day on on-line authentication and security.  It is way overdue, as the last release was way back in 2005.  It is supposed to address the changes in the security landscape since then, and hopefully it will even raise the bar a bit, but I’m afraid that it won’t do enough to dispel the 5 biggest myths regarding on-line security:

  • “My software vendor provides all the security I need.”
  • “My multi-factor hardware tokens provide all the security I need.”
  • “If I follow FFIEC guidelines, my measures will be considered ‘commercially reasonable’”.
  • “Multi-factor authentication is adequate”.
  • “The customer assumes partial responsibility for security (at least contractually)”.
  • “Unless Reg E is extended to commercial accounts, my financial liability is limited”.

I’m going to address why all these are false in future posts, but for now make sure your risk assessment doesn’t rely on any of them.


Article by Tom Hinkel

As author of the Compliance Guru website, Hinkel shares easy-to-digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise span the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.
