-
Final FFIEC Authentication Guidance just released
Well, after much anticipation and speculation we finally have the updated FFIEC guidance, and there doesn’t appear to be anything radically new here that would justify waiting an additional 6 months. At the very least I thought we might see some changes in the Effectiveness of Certain Authentication Techniques section, or in the Appendix (Threat…
-
The RSA breach, and 5 things you should do
For those of us already waiting for the latest update on guidance from the FFIEC on Internet Authentication, the news of the recent RSA SecurID breach complicates things a bit. One-time password (OTP) hardware devices (tokens…
-
Mythbusting on-line security
As I write this (2/2011), we are expecting updated guidance from the FFIEC any day on on-line authentication and security. It is way overdue, as the last release was way back in 2005. It is supposed to address the changes in the security landscape since then, and hopefully it will even raise the bar a…
-
Top 5 Compliance Trends for 2011 – Part 5
As I write this, the only case to go to trial of a Bank suing the Merchant over account takeover losses is awaiting the jury’s decision. The result may redefine the liability, and by definition the roles and responsibilities, of both the financial institution and the merchant when it comes to securing electronic transactions. It…
-
FFIEC to issue updated authentication guidance?
I’ve been hearing this rumor for a while now, but we may actually be seeing something new from the FFIEC soon. Gartner is the latest to suggest
