A system where two different authentication factors are used to authenticate. These two have to be from commonly accepted three factors: (1) “something you know” (such as a password or PIN), (2) “something you have” (such as a smart card or USB security token), and (3) “something you are” (such as a fingerprint, a retinal scan, or other biometric authentication).
Published in Chapter:
Implications of FFIEC Guidance on Authentication in Electronic Banking
Manish Gupta (State University of New York, Buffalo, USA), JinKyu Lee (Oklahoma State University, USA), and H. R. Rao (State University of New York, Buffalo, USA)
Copyright: © 2009
|Pages: 13
DOI: 10.4018/978-1-59904-855-0.ch022
Abstract
The Internet has emerged as the dominant medium in enabling banking transactions. Adoption of e-banking has witnessed an unprecedented increase over the last few years. In today’s online financial services environment, authentication is the bedrock of information security. Simple password authentication is the prevailing paradigm, but its weaknesses are all too evident in today’s context. In order to address the nature of similar vulnerabilities, in October 2005, the Federal Financial Institutions Examination Council (FFIEC)—which comprises the United States’ five federal banking regulators—published joint guidance entitled Authentication in an Internet Banking Environment, recommending that financial institutions deploy security measures to reliably authenticate their online banking customers. The analysis of FFIEC guidance presented in the article are with the view to equip the reader with a glimpse of the issues involved in understanding the guidance for specific banking organization that may help towards learned and better decisions regarding compliance and improved security. The chapter will allow Information Technology managers to understand information assurance issues in e-banking in a holistic manner, and help them make recommendations and actions to ensure security of e-banking components.