FFIEC compliance
Home > Financial Services Information Security Definitions - FFIEC compliance
SearchFinancialSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

FFIEC compliance


Word of the Day
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


DEFINITION -

FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC). The standards require multifactor authentication (MFA) because single-factor authentication (SFA) has proven inadequate against the tactics of increasingly sophisticated hackers, particularly on the Internet. In MFA, more than one form of authentication is implemented to verify the legitimacy of a transaction. In contrast, SFA involves only a user ID and password.

Authentication methods that can be used in MFA include biometric verification such as fingerscanning,iris recognition, facial recognition and voice ID. In addition to these methods, smart cards and other electronic devices can be used along with the traditional user ID and password. The outstanding feature of the FFIEC guidelines is the requirement that encryption be used in all online transaction processing (OLTP) done by financial institutions. The level of encryption must be sufficient to prevent unauthorized disclosure within a bank's internal networks and among shared external networks.

In order to determine whether or not an institution is in compliance with FFIEC guidelines, comprehensive assessments of the internal environment must be conducted to identify potential security weaknesses and threats. Then goals must be set, solutions implemented and periodic risk assessments performed in order to maintain an adequate level of security.

LAST UPDATED: 06 Mar 2008

Read more about FFIEC compliance:
- The FFIEC has published its most recent set of guidelines for Internet banking.
- The FFIEC maintains a Web site with general security information and updates relevant to the financial sector.
- Iovation provides a set of authentication products that meet or exceed FFIEC compliance guidelines.
- SearchSecurity.com outlines the basics of MFA.


Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
For financial firms, numerous compliance requirements demand baseline controls
A consistent compliance program that adheres to basic principles can ease the compliance process.

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Podcast: What is FFIEC compliance?  (SearchFinancialSecurity.com)
In this WhatIs.com podcast, you'll learn about this attempt to modernize existing banking practices in the context of new online threats like...


About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts