FFEIC Fraud Prevention Regulations Breakdown

  • Identity Verification, Security

The warnings have come, the regulations have been issued, and EVS has given advice on how to pass the first test, but how many institutions understand the FFIEC update? As weve discussed in many of our blogs, the newly updated set of FFIEC compliance regulations can be confusing to understand especially because they are applied in very different ways varying on the company. In a study conducted by Bank Info Security, they discuss the three main improvements needed to better address todays online banking risks.

The first area of improvement is risk assessments. Companies were free to conduct risk assessment as often or as seldom as they felt necessary. This freedom left room for companies to neglect the ever-growing online ID theft dangers. The new regulations now make it mandatory for companies to conduct a risk assessment at least once a month. In response to this new requirement, companies have committed to doing more evaluations outside of the new guidelines.

Risk Assessment

Source: FFIEC Online Banking Security Readiness Study-Guardian Analytics

The second improvement is with layered security. Retail and business accounts are expected to have the ability to detect any suspicious activity upon logging into an account, at the very least. The FFIEC wants additional security for business accounts and hopes that the increased amounts of risk assessments will help detect the need for added layers. ID authentication can help add to these extra layers that the agencies suggest. The final area of improvement is in Customer/Member education. This is a very important step that many companies have over looked in years past. Letting your customers and/or clients know the measures youre taking to protect them, can make a significant difference in fraud prevention efforts. The requirements now include explaining your protection measures, how the company will contact their customers if there is an issue, how customers can protect themselves, and how and when it is appropriate to contact the institution.

The FFIEC Compliance regulations go into much more depth that just these three areas of improvement. Contact EVS today for more information and for help complying.