US Regulators Update Guidance on Customer Authentication

The Federal Financial Institutions Examination Council (FFIEC) today released updated guidance on the risks and risk management controls necessary to authenticate the identity of customers accessing Internet-based financial services.

The guidance, Authentication in an Internet Banking Environment, was issued to reflect the many significant legal and technological changes with respect to the protection of customer information, increasing incidents of identity theft and fraud, and the introduction of improved authentication technologies and other risk mitigation strategies.

The guidance is divided into two parts. The main portion of the guidance provides financial institutions with guidance on authentication and discusses appropriate risk assessments, customer authentication, verification of new customers, and monitoring and reporting. An appendix provides more detail about various authentication technologies.