Cory Levine, Wall Street & Technology
In just a few short weeks, stronger user authentication should be in place for the online financial services industry, or so the Federal Financial Institutions Examination Council (FFIEC) is hoping. According to research from Aite Group, the retail brokerage community should be ready for the FFIEC's end-of-year deadline, but there's nothing like a little last-minute advice. Authentication solution provider Cogneto offers some things to think about before leaving for your holiday vacation.Cogneto made three recommendations for firms still considering how to meet FFIEC guidelines:
Information security programs must identify and assess the risks associated with Internet-based products and services: The FFIEC states that financial institutions complete an overall assessment of their current security requirements. Cogneto recommends that organizations look for a solution that will constantly assess the risk climate in which transactions are taking place. A system that continuously analyzes risk in real time will go a long way in helping organizations adapt to future threats.
Information security programs must identify risk mitigation actions, including appropriate authentication strength: The appropriate risk mitigation technique depends entirely on the environment in which a transaction is being conducted. Financial organizations should stay away from solutions that rely on a single method of authentication, and instead find solutions that take a consensus approach to security. Solutions that evaluate risk at multiple levels, each weighted differently depending on the situation, give financial institutions the power to adapt to ever-changing customer profiles and situations
Information security programs need to measure and evaluate customer awareness efforts: User education is key to successfully preventing social engineering attacks such as phishing. Technology alone cannot solve the problems of fraud and ID theft, and users must also learn how they can play their part in the security process. Financial institutions should implement solutions that not only protect users, but also provide them with tools that will allow them to better protect themselves. Interactive help and educational components help should be a part of any FFIEC-compliant security solution.