The 5 Basic (but Important) Questions Banks Need Answered Regarding FFIEC Regulatory Compliance

November 15, 2011 by Chris Ryan

This is second question in our five-part series on the FFIEC guidance and what it means Internet banking.  If you missed the first question, don’t worry, you can still go backCheck back each day this week for more Q&A on what you need to know and how to prepare for the January 2012 deadline.

Question: What does “multi-factor” authentication actually mean?

“Multi- Factor” authentication refers to the combination of different security requirements that would be unlikely to be compromised at the same time. A simple example of multi-factor authentication is the use of a debit card at an ATM machine.   The plastic debit card is an item that you must physically possess to withdraw cash, but the transaction also requires the PIN number to complete the transaction.

The card is one factor, the PIN is a second. The two combine to deliver a multi-factor authentication. Even if the customer loses their card, it (theoretically) can’t be used to withdraw cash from the ATM machine without the PIN.


Look for part three of our five-part series tomorrow.