WASHINGTON — NCUA issued Letter to Credit Unions 06-CU-13 to remind credit unions that the deadline for compliance with Internet authentication is looming at year-end.

The agency issued Guidance on Authentication in Internet Banking (Letter to Credit Unions 05-CU-18) in November 2005, which direct credit unions providing Internet-based services to determine whether appropriate methodologies and technologies are in place to authenticate members.

"Credit unions providing Internet-based services to members should complete a risk assessment of those products and services to determine if high-risk transactions are performed. High-risk transactions are defined as access to member information or the movement of funds to other parties," the letter read.

Recommended For You

In evaluating risk, credit unions should look at member transactional capabilities; the sensitivity of the member information being communicated to both the credit union and the members; the ease of using the communication method; and the volume of transactions, at a minimum.

The letter stated, "NCUA considers single-factor authentication, as the only control mechanism to authenticate members, to be inadequate for high-risk transactions." If there are high-risk transactions occurring and only single-factor authentication, then additional controls must be implemented. "Those controls can be multifactor authentication, layered security, or other controls reasonable to mitigate the risk," according to the letter.

Credit unions must also have a monitoring system in place to seek out unauthorized access to computer systems, as well as a plan for reporting to local law enforcement, NCUA, and members, as warranted.

NCUA also said that credit unions need to initia- te programs to provide fraud prevention education to members.

The Federal Financial Institutions Examination Council has released frequently asked questions, included with NCUA's letter, to aid in the implementation of the interagency guidance on Authentication in an Internet Banking Environment.

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.