Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

Regulators issue cyber-security guidance
WASHINGTON (6/29/11)--Noting that many of the methods employed by identity thieves and other online criminals have changed, and that the scope of many of their crimes has grown, the Federal Financial Institutions Examination Council (FFIEC) has urged credit unions and other institutions to update some practices. Institutions should “perform periodic risk assessments considering new and evolving threats to online accounts and adjust their customer authentication, layered security, and other controls as appropriate in response to identified risks,” the FFIEC said. The recommendations are part of a risk management framework update that was released on Tuesday. The new guidance supplements the FFIEC’s Authentication in an Internet Banking Environment guidance that was issued in October of 2005. However, much of the guidance proposed in 2005 is now less effective than it was when it was first released, according to the FFIEC. The FFIEC has said that institutions should rely on more than one authentication method for online bankers and should consider providing different levels of user authentication for different types of online banking transactions. Financial institutions should implement layered levels of online security that are consistent with the risk presented by various consumer transactions, the FFIEC said. Layered security can include advanced fraud detection and monitoring systems and the use of debit blocks and other techniques to limit the amount that can be withdrawn from an account at a given time. Enhanced controls over the number of transactions allowed per day, the timing of any payments, the recipients of those payments, and other account activities can also be added. Institutions can also use software that blocks connections to web servers that have previously been involved in fraudulent transactions, the FFIEC said. Customers should also be made aware of fraud risks and the potential impact of fraud on their accounts, the FFIEC added. The FFIEC said that its various member agencies, including the National Credit Union Administration (NCUA), will “continue to work closely with financial institutions to promote security in electronic banking.” Financial examiners from these institutions will assess financial institutions’ adoption of these security methods starting in January of 2012, the FFIEC added. For the full release, use the resource link.
Other Resources

RSS print
News Now LiveWire
.@CFPB is proposing to oversee larger nonbank auto finance companies for the first time at the federal level.
33 minutes ago
.@CUNA's Bill Hampel moderates a discussion on the future of credit unions in the post-100 million member world.
3 hours ago
#Breaking: QE likely to end next month, @federalreserve says #NewsNow #Market
3 hours ago
.@Experian study confirms that building a credit history is beneficial to financial marginalized communities. 64M are "credit invisibles"
3 hours ago
Reps. Sherman, Woodall and Heck speak about why they support CU tax status at The Hill forum.
3 hours ago