FFIEC Releases New On-line Banking Guidelines
Last week the Federal Financial
Institutions Examination Council (FFIEC) released new guidelines for tightening
security around Internet banking and financial services. The document cites
single-factor authentication (simple username/password) as insufficient and
recommends stronger methods along with improved periodic and/or continuous
assessment. Since the FFIEC sets the standards for the
Federal Deposit Insurance Corp (FDIC) and the Federal Reserve System (FRS),
institutions will want to pay close attention to the new best practices, as they
will be considered by examiners later in 2006.
The FFIEC is not stipulating which
technologies should be used, so financial institutions are left responsible for
evaluating various technologies and implementing what works best for their
environment and customer base. Solutions range from additional questions at
logon and recognizing pre-selected images on the low-cost end to already-proven
token-based devices (key fobs & keycards) which would now be carried by
customers.
The costs of such technologies can be as
low as $1 or less per customer per year, but some question the life of such
solutions as regulations continue to tighten in the future.
The FFIEC cites the growing sophistication
of threats and rising risks to financial institutions and their customers as the
basis for the heightened authentication measures. The new guidance replaces the
FFIEC’s “Authentication in an Electronic Banking” issued in 2001.
A link to the official press release and
the guidance document can be found
here.