Federal Reserve Bank of San Francisco
Call the Fed

Responding to the Cyber Threat: Interagency Supplement to Authentication in an Internet Banking Environment

November 17, 2011

Since 2005, there have been significant changes in the threat landscape facing online banking services. Cybercriminals continue to develop and deploy more sophisticated and malicious methods to compromise authentication mechanisms (including more robust authentication techniques) and to gain unauthorized access to customers’ online accounts. Furthermore, cybercriminals have grown more organized and specialized in financial fraud, resulting in losses of hundreds of millions of dollars from online account takeovers.

This presentation will discuss the “Interagency Supplement to Authentication in an Internet Banking Environment” (Supplement), which was issued by the Federal Financial Institutions Examination Council (FFIEC) on June 29, 2011, as well as what bankers should be doing to conform with the Supplement. The Supplement reinforces and updates the guidance in the October 12, 2005, Interagency Authentication in an Internet Banking Environment, in areas such as risk management, risk assessment, layered security, customer education/awareness and other controls. It also establishes minimum control expectations for certain online banking activities and identifies controls that are less effective in the current threat environment. Beginning on January 1, 2012, bank regulators will include an assessment of an institution’s conformance with the Supplement as part of the regular supervisory process.

Our speakers, Senior Manager George Mori and IT Risk Coordinator Gene Lilienthal, are part of the Risk Coordination team for the San Francisco Fed’s Division of Banking Supervision & Regulation.