Security Basics mailing list archives

Bankers on FFIEC

From: "Ken Kousky" <kkousky () ip3inc com>
Date: Wed, 14 Mar 2007 20:42:52 -0400

The FFIEC guidance on online banking calls for strong authentication,
applied based on appropriate risk analysis and they even spell out the three
factors of authentication and state that single factor password
authentication isn't adequate. Yet, I've found many banks adding addition
questions to the login sequence and thinking they've added another factor.

Does anybody have experience with this situation and understand how banks
are getting around the Guidance for Online Banking requirements?

KWK

Current thread:

The Value of GIAC/GSEC Certification andrews (Mar 14)
- Re: The Value of GIAC/GSEC Certification Kim Guldberg (Mar 15)
  - Re: The Value of GIAC/GSEC Certification andrews (Mar 15)
  - Re: The Value of GIAC/GSEC Certification Florian Rommel (Mar 15)
  - RE: The Value of GIAC/GSEC Certification Nick Duda (Mar 15)
- Bankers on FFIEC Ken Kousky (Mar 15)
  - Re: Bankers on FFIEC William M. Davis (Mar 15)
- RE: The Value of GIAC/GSEC Certification Johnston Mark (UK) (Mar 15)
  - RE: The Value of GIAC/GSEC Certification Tony UcedaVélez (Mar 23)
    - RE: The Value of GIAC/GSEC Certification Don Parker (Mar 23)
    - RE: The Value of GIAC/GSEC Certification Craig Wright (Mar 26)
  - RE: The Value of GIAC/GSEC Certification Tony UcedaVélez (Mar 23)
    - RE: The Value of GIAC/GSEC Certification Craig Wright (Mar 23)
- Re: The Value of GIAC/GSEC Certification William M. Davis (Mar 15)
- <Possible follow-ups>
- Re: The Value of GIAC/GSEC Certification K. Brian Kelley (Mar 15)
- Re: Re: The Value of GIAC/GSEC Certification hannawi (Mar 23)

(Thread continues...)