Feds Want Banks to Strengthen Web Log-Ons

Iria · Oct 17, 2005, 07:53 PM

BOSTON - Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.

Bank Web sites are expected to adopt some form of "two-factor" authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week.

In two-factor authentication, customers must confirm their identities not only through something they know, like a PIN or password, but also with something they physically have, like a hardware token with numeric access codes that change every minute.

Other types of two-factor authentication include costlier hardware involving biometrics or "smart" cards that would be inserted into designated readers on a user's computer.
___________
Read More / Source: SBC Yahoo! News

Vikingod · Oct 17, 2005, 07:58 PM

This has been coming down the pipe for a while now, and it will still be a while before its "required". I will doubt the 2006 figure personally, but if the FFIEC says so...

**temeteus82** · Oct 17, 2005, 08:27 PM

heh, here in Finland we have to use special key codes to authorize payments via online bank. Once use it cant bee used again you know. It is quite secure way to pay bill etc... And banks uses very high end encryption 256 bit if I recall right ...

Vikingod · Oct 17, 2005, 08:46 PM

The problem is, not everyone see's a need for this high level of security (and not everyone at the banks do too). Its extremely expensive and requires more action on the users behalf, some say it makes things more difficult than just sending a letter with payment/deposit/ etc. From the banks side, until the regulators say its a MUST, they wont implement it (cost benefit, implementation, compliance).

**temeteus82** · Oct 17, 2005, 09:15 PM

Quote:

Originally Posted by Vikingod

The problem is, not everyone see's a need for this high level of security (and not everyone at the banks do too). Its extremely expensive and requires more action on the users behalf, some say it makes things more difficult than just sending a letter with payment/deposit/ etc. From the banks side, until the regulators say its a MUST, they wont implement it (cost benefit, implementation, compliance).

Ok, well some how it works here fine, and we users are happy for it. I don't see why it's difficult. Just look for the right lock code and type the key code. And hen it comes to expenses, our banks don't charge us when we use online banking.

Oct 17, 2005, 07:53 PM	#1
Iria DriverHeaven Extreme Member Join Date: Apr 2004 Posts: 7,275 Rep Power: 89	Feds Want Banks to Strengthen Web Log-Ons BOSTON - Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit. Bank Web sites are expected to adopt some form of "two-factor" authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week. In two-factor authentication, customers must confirm their identities not only through something they know, like a PIN or password, but also with something they physically have, like a hardware token with numeric access codes that change every minute. Other types of two-factor authentication include costlier hardware involving biometrics or "smart" cards that would be inserted into designated readers on a user's computer. ___________ Read More / Source: SBC Yahoo! News

Oct 17, 2005, 07:58 PM	#2
Vikingod Int'l Fish Liaison Join Date: Jul 2004 Location: By the light of lamp I sit and type... Posts: 16,197 Rep Power: 112 System Specs	This has been coming down the pipe for a while now, and it will still be a while before its "required". I will doubt the 2006 figure personally, but if the FFIEC says so...

Oct 17, 2005, 08:46 PM	#4
Vikingod Int'l Fish Liaison Join Date: Jul 2004 Location: By the light of lamp I sit and type... Posts: 16,197 Rep Power: 112 System Specs	The problem is, not everyone see's a need for this high level of security (and not everyone at the banks do too). Its extremely expensive and requires more action on the users behalf, some say it makes things more difficult than just sending a letter with payment/deposit/ etc. From the banks side, until the regulators say its a MUST, they wont implement it (cost benefit, implementation, compliance).