5 Tips to Help Banks Implement E-Payments Security
3. Layered Security Programs
The FFIEC argues that layered security allows the strength of one control to offset the weakness of another. At a minimum, the FFIEC expects banks to have two key components in a security program: the ability to detect and respond to suspicious activity, and, for commercial accounts, enhanced controls for system administrators. Some of the controls recommended by the FFIEC include dual authorization through multiple devices and policies for dealing with compromised customer devices.
NACHA adds that banks must understand the benefits and drawbacks of different security techniques within a layered program. Banks should be current on new technologies and security regulations. Different techniques might be tailored to different types of accounts, as well. Controls should be based on the behavior patterns found in the account.
[The Cybersecurity Imperative: How Banks Can Combat Cybercrime ]