FFIEC Rewrites Its Rules For Banks to Enhance Security, Prevent Cyberheist



The latest edition of the "Your Money Is Not Safe In The Bank" newsletter (sign up on their home page) takes a look at the new authentication guidelines about to be issued by the Federal Financial Institutions Examination Council (FFIEC), and indicates that banks are about to be held to a higher standard of risk assessment, fraud detection and prevention, and authentication. The current draft of the document updates the previous guidelines, issued in 2005, and has been distributed for review and comment to the Board of Governors of the Federal Reserve, the FDIC, the Office of the Comptroller of the Currency, the National Credit Union Administration, and the Office of Thrift Supervision. Several different copies were also leaked to the Information Security Media Group, the operation behind the "Your Money Is Not Safe..." website.



Info about new FFIEC guidelines leaked to industry newsletter



Though this document is likely to see numerous changes from its current to any final form, here's a preview of coming attractions as they currently stand:



  • Improved risk assessments to help financial institutions understand and deal with new or emerging threats, such as man-in-the-middle or man-in-the-browser attacks, and the use of keyloggers, Trojans, and so forth to steal and distribute account access information and online funds transfer data


  • Broad use of multi-factor authentication (security tokens, one-time keys via fax or cellphone, and so forth) to boost security, especially for "high-risk" transactions


  • Layered security controls to detect and block suspicious or anomalous activities as they occur


  • Increased customer education, particularly for those who work with commercial accounts online




Gosh! If all or most of these guidelines survive into a final, approved version, cybercrooks may soon be switching their focus and activities again, because these things would make it much, much more difficult for them to successfully perpetrate fraudulent funds transfers (or fraudulent account activities of any kind). Keep your fingers crossed that the powers that be won't try to water these recommendations down much, or at all. Only time will tell. A final version of the document should be published before the end of 2011. For more details, please consult the full text of the newsletter online.



Stu Sjouwerman


Topics: Cybercrime, KnowBe4


