FFIEC Telephone Banking Compliance

With the FFIEC guidelines related to multi-factor authentication, can you offer any information on the VRU/Telephone Banking platform? If banking clients access data via the telephone, is the typical SSN/PIN/Account Number input enough to comply with the FFIEC?

On August 15, 2006, the FFIEC agencies published an FAQ on their October 2005 Guidance document. You can download a PDF copy of the FAQ here. The August document makes it clear that VRUs that can be used to obtain customer information or to transfer funds need to be reviewed for the adequacy of their access controls. Question 11 suggests strongly that single-factor authentication may not be sufficient for such a system: "Single-factor authentication alone would be adequate for electronic banking applications that do not process high-risk transactions, e.g., systems that do not allow funds to be transferred to other parties or that do not permit access to customer information."

First published on 9/25/06
