Federal standards for financial institutions require a layered security approach and the use of multi-factor authentication for user authorization.


The Federal Financial Institutions Examination Council

The Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA) was established in 1999 to protect consumer financial information. This includes the security and confidentiality of financial information, protection from threats to the information, and protection from unauthorized access or use of the information.

The Federal Financial Institutions Examination Council (FFIEC) was established to expand on the goals of GLBA by setting uniform principles and standards for compliance by financial institutions.

FFIEC Compliance for Online Banking

The FFIEC released "Authentication in an Internet Banking Environment" (AIEB) in 2005. As the title suggests, this is a set of guidelines and standards for financial institutions conducting business online. During this period, financial institutions experienced enormous growth in online usage as consumers steadily came to trust and adopt doing business online. In response to the growing threat of identity theft resulting from malware, hacking, and phishing schemes, the FFIEC proposed security standards for user authentication, sufficient encryption for online transactions, and proper risk assessment and procedures in the online environment.

In 2011, the FFIEC released a supplement to the 2005 AIEB guide to combat the continuing growth and sophistication of online threats and the resulting enormous annual financial losses. The new guide proposed better risk assessment, controls to detect and prevent attacks, stronger authentication methods, and a layered security model. Although the FFIEC endorses no individual method, it recommends that two-factor or multi-factor authentication be used for user authentication. Compliance is expected by January of 2012.