This is the fourth question in our five-part series on the FFIEC guidance and what it means for Internet banking. Check back each day this week for more Q&A on what you need to know and how to prepare for the January 2012 deadline. If you missed parts 1-3, there’s no time to waste; check them out here:
- Go to question one: What does “multi-factor” authentication actually mean?
- Go to question two: Who does this guidance affect? And does it affect each type of credit grantor/lender differently?
- Go to question three: What does “layered security” actually mean?
Today’s Q&A: What will the regulation do to help mitigate fraud risk in the near term and the long term?
The FFIEC’s guidance will encourage financial institutions to re-examine their processes. The guidance is an important reinforcement of several critical ideas:
- Fraud losses undermine faith in our financial system by exposing vulnerabilities in the way we exchange goods, services and currencies. It is important that members of the financial services community understand their role in protecting our economy from fraud.
- Fraud is not the result of a static set of tactics employed by criminals. Fraud tactics evolve constantly and the tools that combat them have to evolve as well. Considering the impact that technology is having on commerce, it is more important than ever to review the processes that we once thought made our businesses “safe.”
- The architecture and flexibility of fraud prevention “capabilities” is a weapon unto itself. The guidance provides a perspective on why it is important to be able to understand the risk and to respond accordingly.
At the end of the day, the guidance is less about a need to take a specific action and more about the “capability” to recognize when those actions are needed, and how they should be structured so that high-risk actions are met with strong and sophisticated defenses.
Look for part five, the final in our series, tomorrow.