Friday, March 5, 2010

Regulators Revisit E-Banking Security Guidelines

KrebsOnSecurity: Prodded by incessant reports of small- to mid-sized business losing millions of dollars at the hands of organized cyber criminals, federal regulators may soon outline more stringent steps that commercial banks need to take to protect business customers from online banking fraud and educate users about the risks of banking online. ... At issue are the guidelines jointly issued in 2005 by five federal banking regulators under the umbrella of the Federal Financial Institutions Examination Council (FFIEC). The guidance was meant to prod banks to implement so-called “multifactor authentication” — essentially, to require customers to provide something else in addition to a user name and password when logging into their bank accounts online, such as the output from a security token.


Read more ...