The Federal Reserve Bank of San Francisco
Home Careers Fed Links Subscriptions
Banking Information

District Circular Letters

September 5, 2001

BANKING SUPERVISION AND REGULATION:
FEDERAL FINANCIAL INSTITUTIONS EXAMINATION COUNCIL (FFIEC)
AUTHENTICATION GUIDANCE

To State Member Banks, Bank
Holding Companies, U.S. Branches
and Agencies of Foreign Banks,
and Others Concerned,
in the Twelfth Federal Reserve District

FFIEC Guidance on Authentication (SR 01-20 [SUP] - 76KB PDF)

The federal banking agencies have issued the attached guidance on authentication in an electronic banking environment for examiners and banking organizations. Effective authentication measures, both technical and procedural, can help financial institutions reduce fraud risks and strengthen their information security programs. The guidance describes risk management considerations that may be useful as banks design and update their on-line customer authentication systems. Because authentication technologies and industry practices are constantly evolving and risk environments differ across banking activities and institutions, the guidance is not intended to require or endorse any particular technologies, standards, or practices.

The main portion of the guidance details background information and sound risk management measures. Processes for verifying the identity of prospective customers and for authentication of existing customers who use on-line systems, such as Internet banking services, are addressed. An appendix gives more detail about various authentication technologies and issues to consider when implementing these methods, including passwords and personal identification numbers, public key infrastructure systems, tokens, and biometrics. Although the attached guidance describes different technical approaches, the effectiveness of any authentication method depends equally on effective policies, procedures, and controls.

Additional Information

All circulars and documents are available on the Internet through the Federal Reserve Bank of San Francisco's Internet site, at http://www.frbsf.org/banking/letters. Paper copies of SR-01-20 [SUP] are available from our Corporate Services Department. To request copies to be sent by mail, please call (415) 974-2060.

For additional information about authentication measures, please contact our Banking Supervision and Regulation Department at (415) 974-2995.

FEDERAL RESERVE BANK OF SAN FRANCISCO