ID Number: G00203217




Consumer Authentication and the FFIEC Guidance
17 July 2006
 
Mark Diodati  

In this overview, Analyst Mark Diodati surveys the risks of online financial applications and analyzes the related Federal Financial Institutions Examination Council (FFIEC) guidance on authentication for Internet banking. In addition, Diodati reviews emerging consumer authentication techniques and discusses their effectiveness. Diodati also makes recommendations for smoother regulatory examinations, and highlights potential consumer authentication issues, including identity proofing and the use of mainstream authentication systems without additional protection mechanisms.








Unavailable for individual purchase

Table of Contents

Contents
  • Synopsis
  • Analysis
    • Out of Silver Bullets
    • Are Consumer Authentication Technologies Enough to Protect Consumers?
    • What Does the FFIEC Guidance Say?
    • Which Organizations Are Impacted?
    • Broader Benefits of the FFIEC Guidance
    • Worldwide Consumer Authentication Adoption Trends
    • Leveraging the Good
    • Recommendations
      • Be Ready
      • Play Nice with the Examiners
      • Be Flexible
      • Win the Trifecta: Pick the Right Horses
      • Consider Consumer Guarantees
  • The Details
    • FFIEC Guidelines
    • The Insufficiency of Server-Side SSL
    • The Waves of Phishing
      • First Wave
      • Second Wave
      • Third Wave
    • Primary Authentication Methods
      • Passwords
      • OTP Devices
      • Grid Cards
    • Secondary Authentication Methods
      • OOB Identity Proofing
      • Device Identification
      • Mobile PKI Software
      • Typing Biometrics
      • KBA
    • Additional Controls
      • Anti-Phishing Services
      • Risk Analytic Techniques
      • Digital Watermarking
      • Minimum Anti-Malware Controls
    • Upside Down: The Shared Account
  • Conclusion

Tables
  • Table 1. Regulatory Banking Agencies in the FFIEC

Figures
  • Figure 1. Harvesting Phishing Attack
  • Figure 2. MITM Phishing Attack
  • Figure 3. Phishing Attack with Workstation Malware
  • Figure 4. VeriSign OTP Device
  • Figure 5. VASCO Digipass Pro 260 for Digital Signing
  • Figure 6. IdentityGuard Grid Card and Login Dialogue




 





© 2006 Burton Group. All rights reserved.




Resource Id: 1405030