FFIEC compliance

FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC). The standards require multifactor authentication (MFA) because single-factor authentication (SFA) has proven inadequate against the tactics of increasingly sophisticated hackers, particularly on the Internet. In MFA, more than one form of authentication is implemented to verify the legitimacy of a transaction. In contrast, SFA involves only a user ID and password.

Authentication methods that can be used in MFA include biometric verification such as fingerscanning,iris recognition, facial recognition and voice ID. In addition to these methods, smart cards and other electronic devices can be used along with the traditional user ID and password. The outstanding feature of the FFIEC guidelines is the requirement that encryption be used in all online transaction processing (OLTP) done by financial institutions. The level of encryption must be sufficient to prevent unauthorized disclosure within a bank's internal networks and among shared external networks.

In order to determine whether or not an institution is in compliance with FFIEC guidelines, comprehensive assessments of the internal environment must be conducted to identify potential security weaknesses and threats. Then goals must be set, solutions implemented and periodic risk assessments performed in order to maintain an adequate level of security.

Learn more about FFIEC compliance guidelines

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - The FFIEC has published its most recent set of guidelines for Internet banking. - The FFIEC maintains a Web site with general security information and updates relevant to the financial sector. - Iovation provides a set of authentication products that meet or exceed FFIEC compliance guidelines. - SearchSecurity.com outlines the basics of MFA.

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT Multifactor authentication options to secure online banking Banks are under pressure to deploy multifactor authentication to secure online banking and meet FFIEC requirements. Learn the pros and cons of various... Five mistakes banks make in pandemic planning Experts cite five areas where financial institutions could improve their planning for a potential H1N1 outbreak Data breach lawsuit puts spotlight on bank's security measures Couple victimized by a data security breach alleges their bank's online security lagged industry standards.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Bank Secrecy Act (BSA)  (SearchFinancialSecurity.com) The Bank Secrecy Act (BSA), also known as the Currency and Foreign Transactions Reporting Act, is legislation passed by the United States Congress in... Financial Crimes Enforcement Network (FinCEN)  (SearchFinancialSecurity.com) Financial Crimes Enforcement Network (FinCEN) is a bureau of the United States Department of the Treasury. FinCEN was established in 1990 to...