SOURCE: Burton Group

July 19, 2006 12:42 ET

Burton Group Provides Recommendations for Successful FFIEC Compliance

Firm Warns Guidelines Don't Address Protection of Private Information

SALT LAKE CITY, UT -- (MARKET WIRE) -- July 19, 2006 -- Burton Group, an IT research firm focused on in-depth analysis of enterprise infrastructure technologies, released a report that analyzes the Federal Financial Institutions Examination Council (FFIEC) guidance on authentication for Internet banking and recommends three technologies that can mitigate risks of online fraud.

According to Mark Diodati, analyst with Burton Group's Identity and Privacy Strategies service, the consumer authentication market is growing fast, but not all authentication techniques are created equal. He recommends that financial institutions implement risk analytic engines, out-of-band (OOB) identity proofing and anti-phishing services.

Risk analytic engines help identify potentially fraudulent transactions and allow financial institutions to:

--  Stop the transaction
--  Let the transaction occur, but increase account activity scrutiny
--  Initiate identity proofing processes to verify the user's identity
Out-of-band identity proofing provides higher identity assurance. OOB utilizes channels other than the web session to identity-proof the user at key stages of user interaction with the financial institution's website. Diodati points out that other techniques like device identification and digital watermarking, while valuable, depend upon adequate identity proofing.

Anti-phishing services utilize a real-time network to shares current phishing information with all financial institutions that can reject access from known phishing sites. In addition, many services will work with the major Internet service providers (ISPs) to shut down the site and direct users away from phishing sites.

"If implemented properly, these techniques, along with consumer anti-fraud guarantees, will mitigate the risk of fraudulent transactions on a financial institutions website," says Diodati.

However, Diodati maintains that even the best consumer authentication techniques will not protect against insufficient protection of private information by its custodians and recommends that organizations implement security controls to protect consumer information.

Burton Group has published an Inflection Point podcast that provides more information about the consumer authentication landscape and techniques for successful FFIEC authentication compliance.

About Burton Group

Burton Group ( helps technologists make smart enterprise architecture decisions in increasingly complex environments. Burton Group is an IT research and advisory services firm focused on offering in-depth analysis of infrastructure technologies relating to security, identity management, web services, service-oriented architecture, collaboration, content management, and network and telecom.

Burton Group's corporate roots are anchored in an uncompromising allegiance to the enterprise technologist and grow far outside the shadow of vendor agendas. This independence stems from Burton Group's mission to produce honest, meaningful research -- created by technologists, for technologists.

Contact Information


    Amie Johnson
    Burton Group PR manager
    Tel: 801-304-8136
    Email: Email Contact