Samport

When the U.S Federal Financial Institutions Examination Council (FFIEC) issued guidelines in late 2005 to get U.S banks to adopt stronger security measures for consumer Web banking, the industry was very slow to respond. But new research by TowerGroup has found that 95 percent of U.S. banks now comply with - or are close to complying with - the FFIEC's authentication guidance.

The FFIEC guidelines require banks to implement "strong" authentication methodologies that enable them to assess and mitigate the potential risk of Internet banking transactions.

TowerGroup says U.S. banks seem to have been able to strike an appropriate balance between authentication "strength" and customer convenience,. Banks are often using a combination of technologies such as end user device identification, IP (Internet Protocol) address geolocation, and challenge/response questions, the U.S.-based consultancy says.

"Many banks report that new authentication techniques have reduced online fraud losses while driving increases in consumer Internet banking adoption and usage," TowerGroup says. "This counters early concerns that stronger authentication technology would inconvenience consumers to the point of driving online banking usage down."

But, TowerGroup says, U.S. banks need to strengthen their current risk-based authentication technologies with additional end user device-identifying components, especially IP intelligence data. Also, banks should implement back-end fraud detection technologies that identify transactional and behavioral anomalies, and seek ways to share fraud data relating to known fraud sources with other financial institutions, it says.

"Banks cannot simply meet the current FFIEC guidance and rest on their laurels," TowerGroup advises. "They must continue to stay ahead of the curve."

Source: www.epaynews.com