Is there anything stating that we must force our credit union member to opt into answering a security question for password resets online?
We have had several customers express ardent displeasure with multi-factor authentication and the desire to be "opted out." Our system allows for opt-out but an FDIC examiner has told us that opt-out should never be allowed. I understand that it should be extremely limited, but if a very good customer says "turn it off," why should they not have the choice since it is being put in place for their security - provided they are willing to sign some kind of hold harmless agreement. From a Regulatory compliance standpoint we are meeting our obligations by putting multi-factor generally in place, but is the expectation that no customer ever be given a choice?
As more and more business customers rely on e-mail, should the bank wire departments accept wire requests (scanned from the banks wire form) via e-mail?
Would we meet the multifactor authentication requirements by adding a second password requirement to the logon page of internet banking?
Just completed listening to a CD that we purchased from you titled Multi-Factor Authentication. Unfortunately, I don't get a chance to ask questions, so I'm sending this one off to you in hopes that either Mary Beth Guard or someone familiar with the topic can answer. It was never mentioned whether adding another ID/password challenge is an acceptable form of additional authentication and where appropriate would satisfy the FFIEC directive for end of this year?
We are considering making loans via the internet. I know CIP and internet security need to be arduous. What other considerations and compliance issues are there?
Technology companies are introducing new ways to secure payments made electronically, both to confirm that the individual is the legitimate cardholder and to securely transmit payment data when a p
Risk is that four letter word that is most on our minds right now. In the context of information security, managing risk is a front burner issue. But what, exactly, is it?
Authentify, a company that offers automated telephone authentication services, has a new weapon against phishing and pharming that uses voice technology.
FDIC has issued FIL-66-2005 to provide guidance to institutions on steps the institution should take to protect the institution from spyware attacks.