The warnings have come, the regulations have been issued,
and EVS
has given advice on how to pass the first test, but how many institutions
understand the FFIEC update? As weve discussed in many of our blogs, the newly
updated set of FFIEC
compliance regulations can be confusing to understand especially because
they are applied in very different ways varying on the company. In a study
conducted by Bank
Info Security, they discuss the three main improvements needed to better
address todays online
banking risks.
The first area of improvement is risk assessments. Companies
were free to conduct risk assessment as often or as seldom as they felt necessary. This freedom left room for companies
to neglect the ever-growing online
ID theft dangers. The new regulations now make it mandatory for companies
to conduct a risk assessment at least once a month. In response to this new
requirement, companies have committed to doing more evaluations outside of the new
guidelines.
Source: FFIEC Online Banking Security
Readiness Study-Guardian Analytics
The second improvement is with layered
security. Retail and business
accounts are expected to have the ability to detect any suspicious activity
upon logging into an account, at the very least. The FFIEC wants additional
security for business accounts and hopes that the increased amounts of risk
assessments will help detect the need for added layers. ID
authentication can help add to these extra layers that the agencies
suggest. The final area of improvement is in Customer/Member education. This is a very important step that many
companies have over looked in years past. Letting your customers and/or clients
know the measures youre taking to protect them, can make a significant
difference in fraud
prevention efforts. The requirements now include explaining your protection
measures, how the company will contact their customers if there is an issue,
how customers can protect themselves, and how and when it is appropriate to
contact the institution.
The FFIEC Compliance regulations go into much more depth
that just these three areas of improvement. Contact EVS
today for more information and for help complying.
