All Together Now
By Ivan Schneider
Oct 18, 2005 at 03:18 PM ET

With the FFIEC's guidance stating that banks should implement two-factor authentication for Internet services that involve sensitive customer information or movement of funds, the status quo in information security in banking has been quickly overturned.

The FFIEC guidance raises the minimum standard by mandating two-factor authentication by the end of 2006. Now, a bank that may have held off on implementing a two-factor solution for fear of getting too far ahead of the mainstream market can move ahead without fear of losing customers to security laggards. There may still be laggards, but the differences won't be as stark as they were in the past.

The 2006 deadline means that banks have to figure out not only how to deploy two-factor authentication, but also which alliances and standards bodies they should join for deployment. In the absence of some level of industry consensus, customers will be asked to adopt a different authentication technique for each bank they do business with. One result could be "token necklace" syndrome, where someone has to carry around several different identification dongles. Or worse, a single customer may have to use a USB token for one bank, a smart card for another, and a one-time-password device for a third. Someone in either situation would be likely to get frustrated and end relationships with the financial institutions having the most troublesome authentication methods, which, counter to the intent of the FFIEC guidance, would reward the banks adopting the minimum standards.

An alternative is for the banks to decide upon a common, interoperable standard for authentication. Since the choices of method are numerous, with debatable merits and variable costs, I don't really expect this to happen.

But there's another option: Instead of each bank deciding which form of authentication it wants all of its customers to use, perhaps the choice should be that of the customer. Imagine if every single Internet banking customer received the same letter in the mail:

Dear Internet Banking Customer:

In order to protect your information and secure your funds, please select one of the following authentication methods as the one that you will use by the end of 2006:

  • USB token

  • Smart card

  • Password-generating token

  • Password-generating mobile phone

  • Biometric reader

You will be able to use this authentication method for all of your banking relationships.

Signed,
The Banking Industry

How's that for putting the customer first?



Topics: What We're Thinking