Question: Our community bank offers online banking services. Do we have to be concerned with this "multi-factor" authentication bulletin (FIL 103-2005)?
Answer: Yes! First, you must perform a risk assessment. We recommend that you get this done by June 30. Then, for your high-risk transactions (commercial bill pay, for example), implement multi-factor authentication no later than year-end 2006. A logon name and password together are considered a single factor. Remember that the FFIEC guidance identifies the various categories of authentication as (1) something the customer knows (e.g., password), (2) something the customer has (e.g., USB token), and (3) something the customer is (e.g., fingerprint, retina scan).
If your service provider is conducting the risk assessment for you, be sure that your board reviews the assessment and makes a determination that it is reasonable, comports with your bank's activities, and is formally accepted.