The FFIEC Authentication Guidance update is out, and third-party service providers need to begin reviewing their internal systems and communicating with their financial institution customers, says Wells Fargo Bank's Phil Alexander.
"It's time to stop shifting the security burden onto retailers and restaurants like Margarita's," says Gartner analyst Avivah Litan on the latest payment card breach. "In fact, it was time for that over five years ago."
Developing good relationships with business associates is an essential component of an information security strategy. It also helps to ensure compliance with HIPAA and the HITECH Act and to avoid breaches. Join us for this webinar, where a leading health information security expert will address such issues...
Some 200 people have reported fraudulent debit and credit transactions hitting their accounts after dining at Margarita's Mexican Restaurant in Texas. Investigators believe a third-party vendor may have been hacked.
On June 28, the FFIEC released its final, formal version of its Authentication Guidance. Not even one month later, we've created three new training programs to help banking institutions understand and conform with the guidance.
In a merger, it's important for both organizations to have strong communication and data protection processes in place, says Phil Romero, senior security architect of First Technology Federal Credit Union. His institution just led a $4.75 billion merger.
It's not enough for banking institutions to conform to the FFIEC Authentication Guidance update. They also must ensure that their key vendors meet the same standards, says Philip Alexander of Wells Fargo Bank.
Jeff Kopchik of the FDIC says too much emphasis on what's "missing" from the FFIEC's new guidance detracts from regulators' intent: providing financial institutions with a guideline for securing online transactions.
The release of the list coincides with the issuance of the Common Weakness Scoring System that allows software makers to identify vulnerabilities in their programs and buyers to determine software they acquire is secure.
Banks need to take a proactive approach toward improving their business continuity planning, and that includes updating services and evaluating business-impact assessments, says Donald Saxinger of the FDIC.