Introducing the Elephant in the Room – The Challenge
Community banks and credit unions have protected account holders for a long time, but today armored walls are not enough — not with the popularity of the online channel.
While it is imperative that banks and credit unions offer a full lineup of banking services including online, mobile and voice to keep up with the growing demand, financial institutions also need to constantly reassess the challenges, issues and potential threats those channels present.
Contributing to the problem is that community banks and credit unions no longer know their accountholders as well as they once did. Consequently, few financial institutions have a good grasp of typical transactions for specific accountholders.
The issue is so important that it even garnered the increased attention of the federal government. The FFIEC on June 28, 2011 released updated guidance on how banks should guard against cyber-security threats. The original guidance offered by the FFIEC – a formal interagency comprised of the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS) –issued a set of guidelines back in 2005, titled Authentication in an Internet Banking Environment. They called on all financial institutions to improve their single-factor authentication processes – typically based on user name and passwords.
Since the guidelines were issued, numerous financial institutions added a second verification level for online transactions. However, in countless cases, the added measures have been largely superficial and barely reinforce authentication.
Despite the well-intentioned initial FFIEC mandate, fraud continues to grow exponentially while touching newer channels such as mobile banking that barely existed six or seven years ago. Since then, online risk and fraud issues no longer emanate from hackers creating chaos from their basements. Fraud is a big business and spawned by sophisticated organized crime factories aimed at stealing financial information. As a result of the more recent increases in online fraud within the banking industry, the FFIEC issued the new updated guidelines regarding online bank account security in an effort to further address the root cause of fraud.
There is a growing need for technology that intuitively knows accountholders normal transaction patterns, and then issues alerts when irregularities take place. The technology exists but deployment is often infrequent. Stay tuned to find out more about assessing security and how you can be prepared.