Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

Washington
Regulators issue cyber-security guidance
WASHINGTON (6/29/11)--Noting that many of the methods employed by identity thieves and other online criminals have changed, and that the scope of many of their crimes has grown, the Federal Financial Institutions Examination Council (FFIEC) has urged credit unions and other institutions to update some practices. Institutions should “perform periodic risk assessments considering new and evolving threats to online accounts and adjust their customer authentication, layered security, and other controls as appropriate in response to identified risks,” the FFIEC said. The recommendations are part of a risk management framework update that was released on Tuesday. The new guidance supplements the FFIEC’s Authentication in an Internet Banking Environment guidance that was issued in October of 2005. However, much of the guidance proposed in 2005 is now less effective than it was when it was first released, according to the FFIEC. The FFIEC has said that institutions should rely on more than one authentication method for online bankers and should consider providing different levels of user authentication for different types of online banking transactions. Financial institutions should implement layered levels of online security that are consistent with the risk presented by various consumer transactions, the FFIEC said. Layered security can include advanced fraud detection and monitoring systems and the use of debit blocks and other techniques to limit the amount that can be withdrawn from an account at a given time. Enhanced controls over the number of transactions allowed per day, the timing of any payments, the recipients of those payments, and other account activities can also be added. Institutions can also use software that blocks connections to web servers that have previously been involved in fraudulent transactions, the FFIEC said. Customers should also be made aware of fraud risks and the potential impact of fraud on their accounts, the FFIEC added. The FFIEC said that its various member agencies, including the National Credit Union Administration (NCUA), will “continue to work closely with financial institutions to promote security in electronic banking.” Financial examiners from these institutions will assess financial institutions’ adoption of these security methods starting in January of 2012, the FFIEC added. For the full release, use the resource link.
Other Resources

RSS print
News Now LiveWire
From @FHFA this a.m.: U.S. house prices up 0.5% in Aug. on seasonally adjusted basis from previous month. More here: http://t.co/1yVDOPggeX
47 minutes ago
@TheNCUA open meeting is slated to start at 10 a.m. ET. Should be a quick one. #NewsNow http://t.co/rfYjnat7eI
1 hours ago
Mass. CUs in unanimous vote joined RI and NH CUs in approving merger of the 3 state leagues 2 form the Cooperative Credit Union Association.
1 hours ago
.@RepDennyHeck to @NWCUA Amplify conference audience: "More often than not, CUs are part of the solution"
20 hours ago
LA Laker and NBA Legend Earvin "Magic" Johnson was the keynote speaker Tuesday @CCULReach, hosted by the Cal/Nev #CreditUnion Leagues
21 hours ago