For banks and other financial institutions such as investment funds, credit card companies and trading houses, protecting data and customers’ money is of paramount importance. One of the weakest links exploited by hackers to steal money and data from financial institutions and their customers is password-based authentication. Implementing Two Factor Authentication will reduce the losses suffered by financial institutions in terms of money and brand deterioration. ArrayShield IDAS Two Factor Authentication can be integrated with servers, VPNs and web applications to provide the security needed to comply with FFIEC, PCI-DSS, NCUA, FACTA, RBI and SEBI guidelines, among others.
ArrayShield IDAS Two Factor Authentication can be used to protect administrative and employee access to internal systems, and can also be integrated with user-facing systems to provide Two Factor Authentication for banking and trading customers.
ArrayShield IDAS Two Factor Authentication is designed to provide security against various kinds of hacking attacks such as phishing, real-time replay attacks, social engineering and keystroke logging. All this is provided at a lower cost that can suit financial institutions of all sizes.
ArrayShield IDAS Two Factor Authentication helps organizations to meet FFIEC, PCI DSS, NCUA, FACTA, RBI, SEBI Compliance Guidelines
In India, the RBI (Reserve Bank of India) has issued a guideline mandating that all banks in India have a mechanism that ensures Two Factor Authentication for all online transactions carried out by bank users. As part of this directive, the RBI issued detailed instructions to banks in February 2006 to help prevent phishing attacks. This was supplemented by an RBI notification on Feb. 18, 2009, that mandated banks put in place “a system of providing for additional authentication/validation based on information not visible on the cards for all online card-not-present transactions except IVR transactions” by Aug 1. Following this, in 2010 the RBI also mandated Two Factor Authentication for transactions that happen through the IVR channel.
In India, SEBI has issued a guideline to all members of the broking community to implement Two Factor Authentication for the login session for all orders emanating online through internet based trading (IBT) and securities trading using wireless technology (STWT) platforms.
In 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance titled “Authentication in an Internet Banking Environment” that called for “effective methods to authenticate the identity of customers.” It also stated that “The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.”
PCI DSS Standards
The Payment Card Industry Data Security Standards (PCI DSS) mandate that organizations that “hold, process, or pass cardholder information” meet a minimum level of security. Part of this security is protecting remote access logins with Two Factor Authentication. Specifically, section 8.3 says that organizations must “Implement Two Factor authentication for remote access to the network by employees, administrators, and third parties.”
Federally insured credit unions are increasingly offering a variety of Internet banking services, ranging from simple inquiry to complex e-Commerce activities, for their members. In 2005, the NCUA issued a letter stating that single-factor authentication, such as a user name and password, used as a security control mechanism may not be adequate for high-risk transactions involving access to member information or fund transfers.
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) is a US law that includes provisions to help reduce identity theft. New Red Flag rules (sections 114 and 315 of FACTA) require financial institutions to develop and implement an Identity Theft Prevention Program in connection with both new and existing accounts. The Program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft.