Boston, MA, December 2, 2005
– According to a new report from Aite Group, LLC, the new guidance from the Federal Financial Institutions Examination Council (FFIEC) on authentication of
online banking users should not raise many issues for banks. While the guidance does raise expectations on banks for protection of their customers, it does not
present banks with extremely tight timelines, nor does it prescribe technologies that banks would find problematic.
"The guidance is light on specifics, but heavy on process," according to Eva Weber,
Aite Group analyst and the author of the report. "It doesn't spell out exactly what banks have to do, which is good news because banks of different sizes have different needs and work
with different sets of constraints," Weber says. But, she adds, "it indicates that regulators want banks to be able to tell a story about what they are doing to address security concerns, and why."
Weber notes that the guidance will require banks to adopt multi-factor authentication methods, which means that banks will have to evaluate various technologies.
"The trick will be maintaining customer convenience, which is the heart of online banking," Weber says. "And that raises interesting questions about consumer adoption of the
various authentication technologies now available."
The report provides an historical perspective on the FFIEC's efforts to understand user authentication issues, and it summarizes key technologies that are being
developed to meet growing demands. It highlights adoption and cost considerations that banks will have to balance if they are to satisfy regulatory requirements while providing
consumers with the online banking services that they've come to expect. It also provides a simplified cost model that banks can use to better understand the potential impact of
common enhanced authentication methods.
|
