Page 3 of 3 1 2 3
Thread Options
#440174 - 06/09/06 05:04 PM Re: FIL-103-2005 Authentication in an Internet Banking
deppfan Offline
Power Poster
Joined: Dec 2000
Posts: 5,184
All over the map.
Quote:

Instead a better option we are thinking of is to send a one time password to the e-mail ID of the customer. This OTP should be valid for that particular transaction only & will expire in say 3 minutes. Everybody who is accessing Internet Banking would be able to view his / her e-mail account.

Is this solution acceptable to FDIC/FFIEC?




Hmmm. Interesting. I'm not sure if that would qualify as something you "know" or something you "have". I think I could argue that both ways.
_________________________
On the road again.....I just can't wait to get on the road again.

Return to Top
eBanking / Technology
#440175 - 06/09/06 06:39 PM Re: FIL-103-2005 Authentication in an Internet Banking
MikeJ Offline
Member
MikeJ
Joined: Nov 2002
Posts: 76
MA
I don't know if you guys are aware of this company (and I have no comment or view on the actual product) but they have some pretty good information on this subject at http://www.phishcops.com

Return to Top
#440176 - 06/16/06 09:28 PM Re: FIL-103-2005 Authentication in an Internet Banking
Kahola Offline
Platinum Poster
Kahola
Joined: May 2001
Posts: 712
Scottsdale, AZ. 85255
Does this apply to telephone banking? Our customers can call our 24 hour banking line to access their account balances and perform inter bank transfers?

Return to Top
#440177 - 06/19/06 02:48 PM Re: FIL-103-2005 Authentication in an Internet Banking
Oursisnottoreasonwhy Offline
Gold Star
Oursisnottoreasonwhy
Joined: Nov 2004
Posts: 459
Central Illinois
It is my understanding per the Chicago FDIC Regional Office that it does encompass telephone banking products.

Return to Top
#440178 - 06/20/06 07:33 PM Re: FIL-103-2005 Authentication in an Internet Banking
Neytiri Offline
Platinum Poster
Neytiri
Joined: Jul 2002
Posts: 645
Pandora
The OCC wants all non-Internet e-banking products included. For us this is only telephone banking, which is balance inquiry only. From what I have read, internal transfers are not high risk transactions whether by IB or automated phone transfer.

Return to Top
#440179 - 06/20/06 07:38 PM Re: FIL-103-2005 Authentication in an Internet Banking
Sentient Offline
New Poster
Sentient
Joined: Jun 2006
Posts: 1
South Florida
Does anyone have a link to documentation that states Telephone banking should be included or excluded? I've heard verbal comments for either, but have yet to see any concrete documentation.

Return to Top
#440180 - 06/27/06 02:32 PM Re: FIL-103-2005 Authentication in an Internet Banking
vaforlovers Offline
100 Club
Joined: Nov 2004
Posts: 107
What is everyone doing for the customer awareness program?
How are you going about educating the customers?

Return to Top
#440181 - 06/28/06 09:32 PM Re: FIL-103-2005 Authentication in an Internet Banking
RebekahL CRCM Online
Platinum Poster
RebekahL CRCM
Joined: Feb 2003
Posts: 749
Big Sky Country
What about e-statements?

Currently, our customer uses a password to open an e-statement we've e-mailed to them. Would this be considered an "Internet-based product or service" subject to the multi-factor authentication requirements?

Obviously, no transactions are being initiated, but a sizeable amount of customer information resides in the statement info and imaged checks.
_________________________
Me, Type A? Maybe - I'm not done analyzing it yet.

Return to Top
#440182 - 08/30/06 04:56 PM Re: FIL-103-2005 Authentication in an Internet Banking
inbtfa Offline
New Poster
Joined: Jun 2006
Posts: 7
Is account number considered sensitive customer information

Return to Top
#440183 - 08/30/06 07:13 PM Re: FIL-103-2005 Authentication in an Internet Banking
Neytiri Offline
Platinum Poster
Neytiri
Joined: Jul 2002
Posts: 645
Pandora
One quick place to look is in the 8/15/2006 FAQ FFIEC Guidance on Authentication in an Internet Banking Environment. Q-2 states that it applies to all forms of e-banking, including telephone banking systems.

Return to Top
Page 3 of 3 1 2 3

Moderated by:  Andy_Z