Bank examiners and auditors constantly change their expectations. The result is you feel as if your information security practices are trying to hit a moving target while the boundaries shift constantly.
The FFIEC has released an update titled “Authentication and Access to Financial Institution Services and Systems.” It replaces two previously released FFIEC issued pieces: "Authentication in an Internet Banking Environment" released in 2005, and the "Supplement to Authentication in an Internet Banking Environment" released in 2011. The guidance has been expanded to include employees, third party vendors, and APIs with increased expectation in regards to controls and risk management. This update is clearly focused on an understanding of the threat landscape, having a current risk assessment, ensuring layered security, and a general increase in authentication implementation. Take a few minutes to watch FINOSEC President and CEO Zach Duke unpack this information.