Posted by:
admin
15 years, 11 months ago
Bank Lawyer's Blog has an interesting post about an American Banker editorial (apparently not available online) about the new FFIEC guidelines for stronger authentication for online banking. In other words, if banks, even small institutions, haven't been thinking "strategically" about enterprise security, they should take this opportunity to do so. As Ms. Sraeel points out, such strategic thinking is necessary "given the pace of technological change and how adept criminals are at keeping pace with innovation."
We've already seen phishers target one-time passcodes in Swedish. Clearly the bad guys will go where the money is.
The post quotes the editorial:
It was bound to happen. With the Internet's meteoric rise for commercial use over the past seven years, it's surprising that multi-factor authentication was not mandated sooner. Think of it this way: The more that institutions do to safeguard customer and corporate information, the less likely they are to incur losses (obvious) and other damages such as the lack of proprietary information affecting mergers, stock performance and product launches (becoming more obvious).
Most important, though, the guidance could prompt financial institutions to look beyond what is expected; for larger institutions, this could mean giving customers and partners secure access to more online services. This can only be good for business, and well worth the investment in multi-factor authentication.
So, there are two recommendations here:
- Don't just meet the guidelines, get secure. Anticipate the attacks and meet them head on.
- Extend your services based on the increased security. What can you now do that you couldn't before?
Banks that can provide value-added services and/or target high-value customers with the increased security will be the winners.