Online banking has offered a great level of convenience to customers compared to traditional banking, which required customers to be physically present at the bank for every transaction. However, with this convenience also come the risks of exposure and misuse of sensitive financial information.
Incidents of online banking fraud are on the rise, and customers' financial data is at great risk. The sophisticated nature of such attacks often prevents them from being detected by threat detection or intrusion prevention software. Suffolk County National Bank reported a security breach in January 2010, indicating that over 8300 customer credentials were stolen. This and many other security incidents in the past have put banks, customers and the government on high alert. To avoid the loss or theft of confidential data, the government has laid down a set of rules and regulations with which financial institutions must comply.
The Federal Financial Institutions Examination Council (FFIEC) has issued one such set of guidelines, which requires banks to adopt a variety of multi-factor authentication measures to secure online access to account information and transaction functionality. Compliance with these guidelines requires strong authentication, privacy protection, identity verification and electronic document integrity. These are very hard to achieve unless the bank or financial institution is equipped with a comprehensive software solution capable of ensuring that these requirements are met, alongside providing overall security for online transactions.
Such a solution should:
a) Have a robust online fraud detection capability to detect and prevent fraudulent transactions
b) Offer a versatile authentication technique, which is capable of matching the authentication method to the level of risk
c) Provide risk-appropriate authentication based on the type of security required for each online banking application
d) Be able to curb risk with a comprehensive set of fraud detection and authentication capabilities
e) Work in real-time to assess the fraud potential of online transactions and detect suspicious access to accounts
f) Support U.S. and international security standards, including 3-D Secure, CardSpace, EMV, FFIEC, OATH, OpenID, SAFE, and SAML
g) Be PCI DSS-compliant
Only a solution that addresses the above needs can provide completely secure online banking. And only with such a solution can stringent compliance requirements be fulfilled.