Validate user identity for transaction processing
The Federal Financial Institutions Examination Council (FFIEC) issued its first guidance for Authentication in an Electronic Banking Environment in 2001. This was in response to the growth in banking by remote electronic means. Additional guidelines were issued in 2005 and 2011 to address the Authentication in an Internet Banking Environment. The intent was to advise financial institutions offering Internet-based products and services to use effective methods to authenticate the identity of customers using those products and services.
PCI Data Security Standards (DSS) are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect payment cardholder data. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.
FFIEC – Authentication in an internet banking environment
“Account fraud and identity theft are frequently the result of single-factor (e.g., ID/password) authentication exploitation. Where risk assessments indicate that the use of single-factor authentication is inadequate, financial institutions should implement multifactor authentication, layered security, or other controls reasonably calculated to mitigate those risks.”
PCI DSS Section 8.3
“Implement two-factor authentication for remote access to the network by employees, administrators, and third parties.”
Protect your organization against security breaches, identity theft, and social engineering attacks. AllWebID Identity Manager enables all financial institutions (that are required to meet PCI DDS Section 8 and FFIEC regulations) to implement a secure 2-factor authentication login for their employees, customers and business partners, thus ensuring that the right individual has the right access.
We ensure that organizations working in the banking, financial and e-commerce industries can easily meet the online user authentication guidelines, while reducing their operational expenses and improving overall user access security.