FFIEC CONSUMER GUIDANCE

Important Facts About Your Account Authentication

Online Banking &

Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their customers.

Online Security Is Our Top Priority!

If you use online or mobile banking, you will be interested to learn that six federal financial industry regulators teamed up recently to make your accounts more secure. New supervisory guidance from the Federal Financial Institutions Examination Council (FFIEC) will help banks strengthen their vigilance and make sure that the person signing into your account is actually you. The supervisory guidance is designed to make online transactions of virtually all types safer and more secure.

UNDERSTANDING THE FACTORS

Online security begins with the authentication process, used to confirm that it is you, and not someone who has stolen your identity. Authentication generally involves one or more basic factors:

- Something the user knows (e.g., password, PIN)
- Something the user has (e.g., ATM card, smart card)
- Something the user is (e.g., biometric characteristic, such as a fingerprint)

Single factor authentication uses one of these methods; multi-factor authentication uses more than one, and thus is considered a stronger fraud deterrent. When you use your ATM, for example, you are utilizing multi-factor authentication: Factor number one is something you have, your ATM card; factor number two is something you know, your PIN.

To assure your continued security online, your bank uses both single and multi-factor authentication, as well as additional layered security measures when appropriate.

LAYERED SECURITY FOR INCREASED SAFETY

Layered security is characterized by the use of different controls at different points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control. An example of layered security might be that you follow one process to log in (user/password), and then give additional information to authorize funds transfers. Layered security can substantially strengthen the overall security of online transactions, protecting sensitive customer information, preventing identity theft, and reducing account takeovers and the resulting financial losses. The purpose of these layers is to allow your bank to authenticate customers and detect and respond to suspicious activity related to initial login and then to reconfirm this authentication when further transactions involve the transfer of funds to other parties.

INTERNAL ASSESSMENTS AT YOUR BANK

On the back-end, the new supervisory guidance offers ways your bank can look for anomalies that could indicate fraud. The goal is to ensure that the level of authentication called for in a particular transaction is appropriate to the transaction's level of risk. Accordingly, your bank has concluded a comprehensive risk-assessment of its current methods as recommended in this supervisory guidance. These risk assessments consider, for example:

- changes in the internal and external threat environment
- changes in the customer base adopting electronic banking
- changes in the customer functionality offered through electronic banking; and
- actual incidents of security breaches, identity theft, or fraud experienced by the institution or industry.

Whenever increased risk to your transaction security might warrant it, your bank will be able to conduct additional verification procedures, or layers of control, such as:

- Utilizing call-back (voice) verification, e-mail approval, or cell phone-based identification.
- Employing customer verification procedures, especially when opening accounts online.
- Analyzing banking transactions to identify suspicious patterns. For example, that could mean flagging a transaction in which a customer who normally pays $10,000 a month to five different vendors suddenly pays $100,000 to a completely new vendor.
- Establishing dollar limits that require manual intervention to exceed a preset limit.

YOUR PROTECTIONS UNDER REG E

Banks follow specific rules for electronic transactions issued by the Federal Reserve Board. Known as Regulation E, the rules cover all kinds of situations revolving around transfers made electronically. Under the consumer protections provided under Reg E, you can recover internet banking losses according to how soon you detect and report them. Here is what the Federal rules require:

- If you report the losses within two days of receiving your statement, you can be liable for the first $50.
- After two days, the amount increases to $500.
- After 60 days, you could be legally liable for the full amount.

These protections can be modified by state law or by policies at your bank, so be sure to ask your banker how these protections apply to your particular situation.

CUSTOMER VIGILANCE: THE FIRST LINE OF DEFENSE

Of course, understanding the risks and knowing how fraudsters might trick you is a critical step in protecting yourself online. You can make your computer safer by installing and updating regularly your:

- Anti-virus software
- Anti-malware programs
- Firewalls on your computer
- Operating system patches and updates

You can also learn more about online safety and security at these websites:

- www.staysafeonline.com
- www.ftc.gov
- www.usa.gov
- www.idtheft.gov

IF YOU HAVE SUSPICIONS

If you notice suspicious activity within your account or experience security-related events (such as a phishing email from someone purporting to be from your bank), you can contact anyone at your bank and you will be quickly and courteously guided to the person responsible for such issues.

FINANCIAL EDUCATION CORPORATION

Contact any BankIowa Customer Service Representative toll-free at 1-800-433-0285 or direct at any of our locations at:

- Cedar Falls 319.277.1600
- Cedar Rapids NE 319.395.9100
- Cedar Rapids SW 319.654.9444
- Independence 319.334-7181
- Independence S 319.334.6633
- Jesup 319.827.1777
- Lamont 563.924.2241
- Norway 319.227.7146
- Waterloo 319.236.2140

You can also send an email requesting that we contact you to: bankiowa@bankiowa.com

We will then contact you at the phone number we have in our records. Thank you.