A major concern for banks and other financial institutions, such as investment funds, credit card companies and trading houses, is protecting data and customers' money. One of the biggest objectives of hackers is to steal money and data from financial institutions. It is quite easy for an individual to capture the usernames and passwords of other individuals using techniques such as sniffing or installing a keylogger. AuthShield offers a two-factor authentication system which is based on:
Implementing two-factor authentication will reduce the losses suffered by financial institutions in terms of money and brand depreciation.
AuthShield IDAS two-factor authentication can be integrated with servers, VPNs and web applications to provide the security needed to comply with FFIEC, PCI-DSS, NCUA, FACTA, RBI and SEBI guidelines among others. It also
In India, RBI (Reserve Bank of India) has issued guidelines mandating that all banks in India have a two-factor authentication system for all online transactions carried out by bank users. Later, RBI issued detailed instructions to banks to help prevent various hacking attacks. In February 2009, it became mandatory to put in place “a system of providing for additional authentication/validation based on information which is not visible on the cards for all online card-not-present transactions except IVR transactions”. The next year, in 2010, RBI also made two-factor authentication compulsory for transactions that happen through the IVR channel.
In India, SEBI has issued a guideline requiring all members of the broking community to implement two-factor authentication for the login session for all orders that are transmitted online through internet based trading (IBT) and security trading using wireless technology (STWT) platforms.
In 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance, ‘Authentication in an Internet Banking Environment’, on effective methods to authenticate the identity of customers. It also stated that “The agencies consider username and password authentication as the only control mechanism to be inadequate for high-risk transactions involving access to customer information or the transfer of funds to other parties.”
The Payment Card Industry Data Security Standards (PCI DSS) require that organizations that ‘hold, process or pass’ cardholder information meet a minimum level of security. Part of this security is to protect remote logins with strong authentication. According to section 8.3, organizations must implement two-factor authentication for remote access to the network by employees, administrators and third-party associates.
The Internet has changed the way money flows. E-banking services range from simple enquiries to complex e-commerce activities. In 2005, the NCUA issued a letter stating that single-factor authentication, such as a username and password, as a security control mechanism may not be adequate for high-risk transactions that include access to member information or fund transfers.
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) included provisions to help reduce identity theft. According to the ‘New Red Flag rules’ (sections 114 and 315 of FACTA), all financial institutions must develop and implement an Identity Theft Prevention Program for both new and existing accounts. The Program must include policies and procedures to detect, prevent and resolve identity theft.