The FFIEC argues that layered security allows the strength of one control to offset the weakness of another. At a minimum, the FFIEC expects banks to have two key components in a security program: the ability to detect and respond to suspicious activity, and, for commercial accounts, enhanced controls for system administrators. Some of the controls recommended by the FFIEC include dual authorization through multiple devices and policies for dealing with compromised customer devices.
NACHA adds that banks must understand the benefits and drawbacks of different security techniques within a layered program. Banks should stay current on new technologies and security regulations. Different techniques might also be tailored to different types of accounts. Controls should be based on the behavior patterns found in the account.
Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ...