FFIEC Issues Guidance on Authentication and Access to Financial Institution Services and Systems

Federal Financial Institutions Examination Council

WASHINGTON, D.C. — The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, has issued guidance that provides financial institutions with examples of effective authentication and access risk management principles and practices for customers, employees, and third parties accessing digital banking services and information systems.

The guidance:

  • Highlights the current cybersecurity threat environment including increased remote access by customers and users, and attacks that leverage compromised credentials, and mentions the risks arising from push payment capabilities.
  • Recognizes the importance of the financial institution’s risk assessment to determine appropriate access and authentication practices to determine the wide range of users accessing financial institution systems and services.
  • Supports a financial institution’s adoption of layered security and underscores weaknesses in single-factor authentication.
  • Discusses how multi-factor authentication or controls of equivalent strength can more effectively mitigate risks.
  • Includes examples of authentication controls, and a list of government and industry resources and references to assist financial institutions with authentication and access management.

The new guidance replaces previous documents issued in 2005 and 2011.

For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News.

Thanks for visiting! Looking for some Chester County pride? We got you covered! Shop our MyChesCo store and show your love for Chester County, Pennsylvania. We got shirts, hats, and more – all with a unique ChesCo flair. Plus, proceeds from each purchase helps support our mission of bringing reliable information and resources to the people of Chester County.