FFIEC issues guidance on authentication, access to financial institution systems

The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, issued guidance that provides financial institutions with examples of effective authentication and access risk management principles and practices for customers, employees, and third parties accessing digital banking services and information systems.

The new guidance replaces previous documents issued in 2005 and 2011.

The guidance:

  • Highlights the current cybersecurity threat environment including increased remote access by customers and users, and attacks that leverage compromised credentials; and mentions the risks arising from push payment capabilities.
  • Recognizes the importance of the financial institution’s risk assessment to determine appropriate access and authentication practices to determine the wide range of users accessing financial institution systems and services.


continue reading »