Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

Regulators issue cyber-security guidance
WASHINGTON (6/29/11)--Noting that many of the methods employed by identity thieves and other online criminals have changed, and that the scope of many of their crimes has grown, the Federal Financial Institutions Examination Council (FFIEC) has urged credit unions and other institutions to update some practices. Institutions should “perform periodic risk assessments considering new and evolving threats to online accounts and adjust their customer authentication, layered security, and other controls as appropriate in response to identified risks,” the FFIEC said. The recommendations are part of a risk management framework update that was released on Tuesday. The new guidance supplements the FFIEC’s Authentication in an Internet Banking Environment guidance that was issued in October of 2005. However, much of the guidance proposed in 2005 is now less effective than it was when it was first released, according to the FFIEC. The FFIEC has said that institutions should rely on more than one authentication method for online bankers and should consider providing different levels of user authentication for different types of online banking transactions. Financial institutions should implement layered levels of online security that are consistent with the risk presented by various consumer transactions, the FFIEC said. Layered security can include advanced fraud detection and monitoring systems and the use of debit blocks and other techniques to limit the amount that can be withdrawn from an account at a given time. Enhanced controls over the number of transactions allowed per day, the timing of any payments, the recipients of those payments, and other account activities can also be added. Institutions can also use software that blocks connections to web servers that have previously been involved in fraudulent transactions, the FFIEC said. Customers should also be made aware of fraud risks and the potential impact of fraud on their accounts, the FFIEC added. The FFIEC said that its various member agencies, including the National Credit Union Administration (NCUA), will “continue to work closely with financial institutions to promote security in electronic banking.” Financial examiners from these institutions will assess financial institutions’ adoption of these security methods starting in January of 2012, the FFIEC added. For the full release, use the resource link.
Other Resources

RSS print
News Now LiveWire
Bill sponsor said will support amndmt to incl. NCUA in the study & delay the agency's risk-based capital plan b4 full House vote. 2of2
3 minutes ago
Bill directing banking agencies to study appropriate capital requirmnts for mrtg servicing assets for nonsystemic banks clears committee1of2
6 minutes ago
The .@FinancialCmte passed #HR4042 and #HR5148 this morning. Both are reg. relief bills and have the strong support of @CUNA
8 minutes ago
FHFA today announced it's extending comment deadline for guarantee fees Fannie, Freddie charge lenders to Sept. 8.
16 hours ago
The 2014 @CUwomen Forum was held in Gold Coast, Australia yesterday during @WOCCU 's World CU Conference.
19 hours ago