SOURCE: PhoneFactor

June 28, 2011 16:20 ET

PhoneFactor Helps Banks Meet Updated FFIEC Guidance for Online Banking Security

Out-of-Band Transaction Verification, Like That Provided By PhoneFactor, Is Recommended as an Effective Control Against Online Banking Fraud

OVERLAND PARK, KS--(Marketwire - Jun 28, 2011) - The much-anticipated update to the FFIEC Guidance on "Authentication in an Internet Banking Environment" was released today, and PhoneFactor's industry-leading out-of-band authentication services enable banks to meet new recommendations for layered security and stronger authentication.

"The 2005 FFIEC Guidance pushed financial institutions to take important steps to protect their customers, but as threats have evolved, some financial institutions have failed to update their control mechanisms accordingly," said Tim Sutton, PhoneFactor CEO and co-founder. "As a result, many of the security measures in place today are outdated and ineffective."

In response to today's top threats, such as man-in-the-middle and keylogging, which were highlighted in the update, the FFIEC introduces the concept of layered security. The layered approach recommended by the FFIEC extends security controls beyond the initial login to include online banking transactions and administrative functions. The use of out-of-band verification for transactions was recommended as an effective control against these attacks.

In addition, the update calls for an overall strengthening of authentication technologies. According to the update, out-of-band authentication has taken on a new level of importance given the preponderance of malware on customer PCs, which can defeat OTP tokens, device identification, challenge questions, and many other forms of strong authentication. In particular, closed-loop methods that complete the authentication in the out-of-band channel are seen as offering a greater level of security.

PhoneFactor enables banks to meet these requirements by authenticating online banking logins and verifying funds transfers, such as ACH and wire transfers, through a completely out-of-band process using any ordinary phone. PhoneFactor works by placing an automated phone call or sending a text message to the user in real time. Transaction details like amount and destination account can be played during the call or sent in the text message. The user simply enters # (or a PIN) into the phone keypad or replies to a text message to approve legitimate logins and transactions. PhoneFactor can also be used to verify administrative functions, such as the creation of new payees, user changes, and payroll modifications.

In addition, the updated Guidance identified emerging trends like biometrics and the use of dual controls, which PhoneFactor offers as well.

"The updated FFIEC Guidance presents a view of the current threat landscape and the security controls that are successful in preventing online banking fraud today," said Sutton. "These changes, particularly transaction-level security and out-of-band authentication, set a new standard for banks and financial institutions and will substantially impact the way they approach online banking security going forward."

About PhoneFactor
PhoneFactor is a leading provider of multi-factor authentication. The company's award-winning platform uses any phone as a second form of authentication. PhoneFactor's out-of-band architecture and real-time fraud alerts provide strong security for enterprise, banking, and website applications. It is easy and cost-effective to set up and deploy to large numbers of geographically diverse users. PhoneFactor was recently named to the Bank Technology News FutureNow list of the top 10 technology innovators securing the banking industry today and was a finalist in the SC Magazine Reader Trust Awards. Learn more at www.phonefactor.com.
