Skip to content

Opt-out of Multi-factor Authentication

Answered by: 

Question: 
Can we allow customers to opt-out of multi-factor authentication?
Answer: 

No. The regulatory guidance on multi-factor authentication does not permit customers to opt out. The answer to Question #1 in the Customers section of the Agencies' August 15, 2006, Q&A document "Guidance on Authentication in an Internet Banking Environment," reads as follows:

"The Agencies believe that permitting customers to opt-out is not an effective risk mitigation strategy and would undermine the effectiveness of the control. In addition, this would not address reputation risk to the institution. However, an institution may permit customers to choose between different authentication options provided the options offered are consistent with the guidance."

First published on BankersOnline.com 2/12/07

First published on 02/12/2007

Filed under: 
Filed under technology as: 

Search Topics