{"id":4754,"date":"2014-09-15T16:09:38","date_gmt":"2014-09-15T16:09:38","guid":{"rendered":"https:\/\/evssolutions.com\/new-ffiec-guidelines-time-to-layer\/"},"modified":"2014-09-15T16:09:38","modified_gmt":"2014-09-15T16:09:38","slug":"new-ffiec-guidelines-time-to-layer","status":"publish","type":"post","link":"https:\/\/evssolutions.com\/insights\/new-ffiec-guidelines-time-to-layer\/","title":{"rendered":"New FFIEC Guidelines Time to Layer"},"content":{"rendered":"

The FFIEC<\/a> just released
\na new set of supplemental guidelines for security measures to thwart identity
\nthieves in the financial industry. The focus seems to be on risk assessments and
\ncustomer awareness, as well as layered id authentication<\/a>
\ntechniques designed to distinguish customers. Many of the layering techniques
\nsuggested are commonly used today such as device tracking (cookies),
\nout-of-band verification (text to cell phone), limited transactions per day, IP
\nblocking, challenge questions and various others. The guidance also urges
\ninstitutions to have a plan in place to detect and respond to malicious
\nactivity based on the layering techniques.<\/p>\n

Once again Challenge Questions are falling out of favor
\nwith the FFIEC as an effective security layer.
\nWith traditional challenge questions, used everywhere today, they would
\nbe correct. The two methods today are defined questions (mothers maiden name,
\nfirst pets name, etc.) and user defined questions (write your question and your
\nanswer). Weve been so conditioned with defined questions I would venture to
\nsay that many people recycle the old questions. Two problems exist with these
\nquestions: 1) theyre the same for
\nalmost every website on the Internet, and 2) the information is readily
\navailable online. <\/p>\n

Contrast traditional challenge questions with Out-of-Wallet,
\nKnowledgeBased Authentication<\/a> (KBA) questions. Questions not defined by the user,
\nbut using information that only the user would know from their past are useful
\nand cost effective tools for a layered approach. EVS<\/a> provides KBA
\nquestions as part of our IdentiFraudConsumer<\/a> product at no additional charge.\n<\/p>\n

 <\/p>\n

[Contributed by Jeff Davis, President and CEO]<\/p>\n","protected":false},"excerpt":{"rendered":"

The FFIEC just released a new set of supplemental guidelines for security measures to thwart identity thieves in the financial industry. The focus seems to be on risk assessments and customer awareness, as well as layered id authentication techniques designed<\/p>\n","protected":false},"author":40,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4754","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"_links":{"self":[{"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/posts\/4754","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/comments?post=4754"}],"version-history":[{"count":0,"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/posts\/4754\/revisions"}],"wp:attachment":[{"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/media?parent=4754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/categories?post=4754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/tags?post=4754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}