Bankers on FFIEC

The FFIEC guidance on online banking calls for strong authentication,
applied based on appropriate risk analysis and they even spell out the three
factors of authentication and state that single factor password
authentication isn't adequate. Yet, I've found many banks adding addition
questions to the login sequence and thinking they've added another factor.

Does anybody have experience with this situation and understand how banks
are getting around the Guidance for Online Banking requirements?

KWK

Relevant Pages

  • Feds Want Banks to Strengthen Web Log-Ons
    ... Internet customers through authentication that goes beyond mere user ... Financial Institutions Examination Council said in a letter to banks ... customers must confirm their identities ... other merchants that are willing to "federate" their Web sites with ...
    (comp.dcom.telecom)
  • Re: is ssl secure enough ?
    ... What's good enough for the banks is good enough for you: ... SSL with two factor authentication is generally a well accepted, ... standard design: yes. ... Dual-factor authentication will be a must and I ...
    (microsoft.public.windows.server.security)
  • Re: Bankers on FFIEC
    ... The FFIEC guidance is just that it is guidance. ... authentication until better, cheaper, easier methods are developed. ... authentication isn't adequate. ... I've found many banks adding addition ...
    (Security-Basics)
  • Re: Attacks on IPsec
    ... >These do not provide data encryption, ... >authentication (but I don't thin anyone uses them). ... I know of banks that use them over leased-line links to mainframes, ...
    (sci.crypt)
  • Re: SSNs and the law - True or False
    ... Someone told me it was only legal for Banks. ... would be better as a second means of authentication? ... >> Social Security Number. ... > But I should clarify that it is a really bad idea... ...
    (microsoft.public.security)