FFIEC compliance

FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC). The standards require multifactor authentication (MFA) because single-factor authentication (SFA) has proven inadequate against the tactics of increasingly sophisticated hackers, particularly on the Internet. In MFA, more than one form of authentication is implemented to verify the legitimacy of a transaction. In contrast, SFA involves only a user ID and password.

Authentication methods that can be used in MFA include biometric verification such as fingerscanning,iris recognition, facial recognition and voice ID. In addition to these methods, smart cards and other electronic devices can be used along with the traditional user ID and password. The outstanding feature of the FFIEC guidelines is the requirement that encryption be used in all online transaction processing (OLTP) done by financial institutions. The level of encryption must be sufficient to prevent unauthorized disclosure within a bank's internal networks and among shared external networks.

In order to determine whether or not an institution is in compliance with FFIEC guidelines, comprehensive assessments of the internal environment must be conducted to identify potential security weaknesses and threats. Then goals must be set, solutions implemented and periodic risk assessments performed in order to maintain an adequate level of security.

Learn more about FFIEC compliance guidelines

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - The FFIEC has published its most recent set of guidelines for Internet banking. - The FFIEC maintains a Web site with general security information and updates relevant to the financial sector. - Iovation provides a set of authentication products that meet or exceed FFIEC compliance guidelines. - SearchSecurity.com outlines the basics of MFA.

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT Five mistakes banks make in pandemic planning Experts cite five areas where financial institutions could improve their planning for a potential H1N1 outbreak Data breach lawsuit puts spotlight on bank's security measures Couple victimized by a data security breach alleges their bank's online security lagged industry standards. Get ready for remote deposit capture risk management scrutiny Industry experts expect federal banking examiners to pay more attention to how banks manage remote deposit capture risks

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Podcast: What is FFIEC compliance?  (SearchFinancialSecurity.com) In this WhatIs.com podcast, you'll learn about this attempt to modernize existing banking practices in the context of new online threats like... remote deposit capture (RDC)  (SearchFinancialSecurity.com) Remote deposit capture (RDC) is a system that allows a customer to scan checks remotely and transmit the check images to a bank for deposit, usually...