FDIC ID Theft Findings Reveal Need for More Authentication

WASHINGTON – According to recent Federal Deposit Insurance Corporation findings, financial institutions can do more to protect their online banking customers. The new findings are in a supplement to an FDIC study issued in December about ways to fight “phishing” scams. The FDIC concluded that the risk assessment financial institutions are required to perform regarding information security also should address customer authentication. In addition, if an institution offers Internet banking, it has an obligation to properly secure that delivery channel. This extra level of security for online accounts, often referred to as “multifactor authentication,” would be used in addition to the traditional passwords. New security features may include “tokens” issued to customers that generate new passwords every 60 seconds, software that can identify the computer that an individual uses to access online accounts, or contacting by phone to make sure that he or she is the one attempting to access the account. “The FDIC does not intend to propose one solution for all, but the evidence.indicates that more can and should be done to protect the security and confidentiality of sensitive customer information in order to prevent account hijacking,” the supplement said. It added that consumers are concerned about online security and may be receptive to using a new form of authentication “if they perceive it as offering improved safety and convenience.” The FDIC and other federal banking agencies are expected to issue guidance this fall to insured financial institutions about improving the security of customer authentication methods. The latest FDIC findings are expected to be considered in the development of that guidance.