Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Study FIs make progress toward FFIEC online security expectations
MOUNTAIN VIEW, Calif. (12/19/11)--Credit unions and banks are making progress in the initial phases of preparing for new Federal Financial Institutions Examination Council (FFIEC) expectations on online banking security that will be effective in 2012, according to a new survey. However, many will have to rush to meet the January 2012 deadline.

Fifty-seven percent of the credit unions and banks surveyed have completed their risk assessment, and 59% have formed a plan to fill online banking security gaps, according to a study by Guardian Analytics, a Mountain View, Calif.-based fraud prevention provider, who released the findings Thursday.

The company surveyed more than 300 executives responsible for online banking security decisions at more than 100 U.S.-based banks and credit unions of all sizes in November. Most respondents lack clarity on the minimum expectations for layered security outlined in the FFIEC Supplement to the Authentication in an Internet Banking Environment, the study found.

Of those surveyed, 84%  plan to invest in new technologies to address the enhanced expectations. However, most are not far along in technology implementation--43% said they have purchased new technology solutions, and 49% said they intend to in the future.  Many plan their investments for the next six to 12 months, in time for their 2012 exam, said the report.

"The FFIEC raised the bar on expectations for online security, and financial institutions are scrambling to evaluate and invest in preparation for their 2012 exams," said Terry Austin, CEO of Guardian Analytics. "In the last six months, we have seen exponential growth in investments in anomaly detection by those who are following the guidance diligently. As institutions work more closely with their examiners to fully understand the new requirements, we expect that growth to continue in the coming year."

The FFIEC supplement outlined two minimum expectations against which financial institutions would be examined: The ability to detect and respond to suspicious activity at login and initiation of transactions in all accounts, and enhanced controls of administrative functions for business accounts.

The survey indicated that despite the specific language in the supplement, nearly half the respondents did not fully understand the minimum expectations. Roughly 41% were unable to identify anomaly detection as an FFIEC minimum expectation for layered security, and 56% could not identify enhanced controls for business banking administrative functions.

Respondents also ranked the factors that determine their priorities for technology investments. "Level of protection" was ranked most important driver for choosing a technology solution, followed closely by "customer convenience." "Meeting minimum FFIEC requirements for layered security"  was ranked the lowest.

The FFIEC supplement, released in June, was in response to rapidly evolving banking attacks and ongoing growth in online fraud losses. Regulars have said they expect financial institutions to take significant steps toward conforming with updated expectations for ongoing risk assessments, enhanced layered security and customer education by January 2012.
Other Resources

RSS print
News Now LiveWire
The Hill reports House Republicans plan to delay Aug. recess to stay in D.C. until they have enough votes to pass bill on border crisis.
12 hours ago
The FHLBs of Des Moines and Seattle announce they have entered into an exclusivity arrangement regarding potential merger of the 2 entities.
12 hours ago
SunCorp and @AlloyaCorp have announced their intent to merge.
14 hours ago
.@TheNCUA bars former employee of Southwest Communities FCU,Melissa Rosing,from work at any federally insured FI. http://t.co/owtVnPxVZT
15 hours ago
Fryzel added @TheNCUA is fed. governmt, thereby will B criticized, but always tried 2 do what is right. McWatters still 2 B sworn in.2of2
17 hours ago