From the May 2011 issue of Treasury & Risk magazine

Layering on Security

Banking regulators are expected to push for stronger forms of authentication as electronic transaction fraud proliferates.

RSA’s March announcement that hackers breached its electronic authentication system, used by thousands of financial firms and their customers, put renewed emphasis on the shape of upcoming regulatory guidance from the Federal Financial Institutions Examination Council. The FFIEC’s 2005 recommendations on authenticating banking transactions focused on multi-factor authentication, which requires account holders to provide a user name and password, plus an additional identifier, such as information known only to the account holder or a code generated by a token, to access accounts. Given the rise in electronic transaction fraud, the FFIEC is expected to push for additional layers of security.

Whoever hacked into RSA’s system extracted information related to its SecurID two-factor authentication product, which generates such token codes.


Advertisement. Closing in 15 seconds.