Online Only: Experts, Security Firms Find Gaps in New FFIEC Guidelines
Security experts from credit unions, research firms and technology providers have been quick to point out the shortcomings of the new Internet banking security guidelines issued on June 28 by the Federal Financial Institutions Examinations Council.
The guidelines lack security recommendations for mobile banking, don’t adequately address today’s evolving fraud threats and come with a tough-to-meet deadline, experts said.
“The timeline for compliance is very aggressive and doesn’t give credit unions a lot of time to prepare,” Howell said.
What happens to the CUs that fail to comply in time? They could face a fine, but McNelly hopes examiners will allow some leeway if, for example, a CU has a project in place that will lead them to full compliance. Mather notes that a lawsuit resulting from a security breach could be the most costly consequence for CUs that do not follow the guidelines.