WASHINGTON (6/29/11)--Noting that many of the methods employed by identity thieves and other online criminals have changed, and that the scope of many of their crimes has grown, the Federal Financial Institutions Examination Council (FFIEC) has urged credit unions and other institutions to update some practices. Institutions should “perform periodic risk assessments considering new and evolving threats to online accounts and adjust their customer authentication, layered security, and other controls as appropriate in response to identified risks,” the FFIEC said. The recommendations are part of a risk management framework update that was released on Tuesday. The new guidance supplements the FFIEC’s Authentication in an Internet Banking Environment guidance that was issued in October of 2005. However, much of the guidance proposed in 2005 is now less effective than it was when it was first released, according to the FFIEC. The FFIEC has said that institutions should rely on more than one authentication method for online bankers and should consider providing different levels of user authentication for different types of online banking transactions. Financial institutions should implement layered levels of online security that are consistent with the risk presented by various consumer transactions, the FFIEC said. Layered security can include advanced fraud detection and monitoring systems and the use of debit blocks and other techniques to limit the amount that can be withdrawn from an account at a given time. Enhanced controls over the number of transactions allowed per day, the timing of any payments, the recipients of those payments, and other account activities can also be added. Institutions can also use software that blocks connections to web servers that have previously been involved in fraudulent transactions, the FFIEC said. Customers should also be made aware of fraud risks and the potential impact of fraud on their accounts, the FFIEC added. The FFIEC said that its various member agencies, including the National Credit Union Administration (NCUA), will “continue to work closely with financial institutions to promote security in electronic banking.” Financial examiners from these institutions will assess financial institutions’ adoption of these security methods starting in January of 2012, the FFIEC added. For the full release, use the resource link.