In This Presentation:
Overview
- Critical differences in the 2011 Supplement as compared to the 2005 Guidance
- Other useful sources of regulatory guidance on authentication
- Concluding thoughts on areas of examination emphasis
Why the need for the Supplement?
- Supplement reiterates the need to perform periodic risk assessments and adjust customer authentication controls as appropriate in response to new threats
- However, certain aspects of the 2005 Guidance have become less effective or require enhancement due to significant changes in the threat landscape:
- More sophisticated, effective and malicious methods to compromise authentication mechanisms and gain access to online accounts
- Criminal groups specializing in financial fraud
- Fraud tools are easily obtainable on the Internet
- Malware installed on computers monitors user activity and facilitates theft and misuse of login credentials
- Cybercrime complaints significantly up since 2005, in particular with respect to commercial accounts.