Wednesday, June 29, 2005

FDIC Releases Study of ID Theft

On June 27, the FDIC released a study of identity theft and account hijacking. It supplements a paper released in December of 2004.

Findings
Different financial institutions may choose different solutions, or a variety of solutions, based on the complexity of the institution and the nature and scope of its activities. The FDIC does not intend to propose one solution for all, but the evidence examined here and in the Study indicates that more can and should be done to protect the security and confidentiality of sensitive customer information in order to prevent account hijacking.

The FDIC recommends that financial institutions perform information security risk assessments and analyze (a) whether the institution needs to implement more secure customer authentication methods and, if it does, (b) what method or methods make most sense in view of the nature of the institution’s business and customer base.

The FDIC also states that if an institution offers retail customers remote access to Internet banking or any similar product that allows access to sensitive customer information, the institution has a responsibility to secure that delivery channel.

"More specifically," they write, "the widespread use of user ID and password for remote authentication should be supplemented with a reliable form of multifactor authentication or other layered security so that the security and confidentiality of customer accounts and sensitive customer information are adequately protected."

0 Comments:

Post a Comment

<< Home