Home page logo

basics logo Security Basics mailing list archives

Bankers on FFIEC
From: "Ken Kousky" <kkousky () ip3inc com>
Date: Wed, 14 Mar 2007 20:42:52 -0400

The FFIEC guidance on online banking calls for strong authentication,
applied based on appropriate risk analysis and they even spell out the three
factors of authentication and state that single factor password
authentication isn't adequate. Yet, I've found many banks adding addition
questions to the login sequence and thinking they've added another factor.

Does anybody have experience with this situation and understand how banks
are getting around the Guidance for Online Banking requirements?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]