June 06, 2006

The Financial Services Technology Consortium (FSTC) announced on May 30 that it has concluded phase I of its Better Mutual Authentication (BMA) Project, part of an on-going effort to secure access to customer accounts and combat fraud across the financial services industry. This effort, with 28 participants, including financial institutions, technology vendors, government agencies and associations, resulted in a number of significant deliverables, according to the organization, such as:

  • Identification of relevant use cases, vulnerabilities and threats.
  • Updated terminology used to define authentication practices.
  • Surveyed available technologies and solutions.
  • Produced "Financial Industry Requirements and Recommendations for BMA."
  • Developed tools for evaluating combinations of authentication techniques.
  • Developed a high level architecture of authentication systems that employ multiple authentication techniques.
  • Created a roadmap for evolving BMA to meet future needs.

    "The BMA project team has done an outstanding job in continuing our work towards developing a mutual authentication blueprint that all financial institutions can use to establish better mutual authentication between themselves and their customers, no matter whether they are communicating face-to-face in the branch, on the Internet, at ATMs, through the mail or via telephone," said Dan Schutzer, FSTC executive director, in a statement. "The overall goal is to design and deploy a basic framework that can be implemented industry-wide and then tailored to an individual institution's specific needs or a technology company's unique product or service. We are well on the way to accomplishing that.

    Chuck Wade, BMA project leader, conceded that the industry still has a ways to go before it can fully address the challenges of creating safer online financial services channels. "There is much to be done by the industry if consumers are to be given choices and avoid the burden of having to use multiple authentication technologies to access financial services from various institutions," Wade said.

    FSTC is developing plans for follow-on projects that will build on the foundation laid during the first phase, and will reach out to other industry associations to coordinate initiatives to gain additional leverage for achieving broad consumer adoption of safer online authentication practices. Already, FSTC has contributed BMA deliverables to ANS X9.49 for use in mutual authentication standards for the financial industry and to W3C's Workshop on usability and transparency for Web authentication. FSTC is also supporting the Liberty Alliance and OATH in their authentication initiatives.