PRTODAY / NewswireToday Free press release distribution service network

Written by / Agency / Source: Sestus, LLC

Check Ads Availability|e-mail Article


Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!

96% of U.S Banks Failing to Implement Multi-Factor Authentication - Study reports 96% of U.S. banks are failing to implement FFIEC-recommended multi-factor authentication, opting instead for authentication methods that solicit confidential information from consumers - PhishCops.com / SestusData.com
96% of U.S Banks Failing to Implement Multi-Factor Authentication

 

NewswireToday - /newswire/ - Avondale, AZ, United States, 2007/07/20 - Study reports 96% of U.S. banks are failing to implement FFIEC-recommended multi-factor authentication, opting instead for authentication methods that solicit confidential information from consumers - PhishCops.com / SestusData.com.

   
 
Your Banner Ad Here instead - Showing along with ALL Articles covering Financial/Legal/Venture Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!


 

A study released last month by Sestus Data Company and BearingPoint Financial Services Information Security Group reports 96% of U.S. banks are failing to implement FFIEC-recommended multi-factor authentication, opting instead for authentication methods that solicit confidential information from consumers.

On August 15, 2006, the Federal Financial Institutions Examination Council (FFIEC) issued a Supplement in which it clarified what it considered to be true multi-factor authentication: "By definition true multi-factor authentication requires the use of solutions from two or more of the three categories of factors. Using multiple solutions from the same category at different points in the process may be part of a layered security or other compensating control approach, but it would not constitute multi-factor authentication."

The study evaluated a statistical sampling of 100 U.S. banks with published website statements asserting their belief in their compliance with FFIEC multi-factor authentication guidelines. The study analyzed the authentication methods employed by each bank to determine whether the sampled banks were, in fact, consistently employing "solutions from two or more of the three categories of factors", i.e. something the user knows, something the user has, or something the user is.

FINDINGS: WIDESPREAD NON-COMPLIANCE WITH REGULATORY GUIDELINES
According to the study, the U.S. banking industry appears to be ignoring or misinterpreting the FFIEC's multi-factor guidelines in favor of single-factor authentication methods that require consumers to divulge (previously undisclosed) confidential personal information in order to access their online accounts.

The study authors found, "1) overwhelming use of single-factor challenge/response, image-based, and other knowledge based authentication methods purporting to be multi-factor authentication, 2) numerous and varied mis-interpretations regarding the definition of "something the user has", and 3) a high probability for increasing online fraud and loss of consumer privacy as a result of widespread adoption of challenge/response and other knowledge-based systems."

According to the study:

64% of U.S. banks offer only single-factor authentication methods. Where they had previously solicited only logins and passwords, they now solicit additional information in the form of challenge questions. Apparently, these banks believe that by simply asking for MORE information, they are somehow meeting the regulatory definition of multi-factor authentication, a mistaken assumption which the FFIEC has already refuted.

26% of U.S. banks are adopting authentication methods which are "inconsistently multi-factor". These banks attempt to retrieve cookie file or other information in order to satisfy the "something the user has" authentication factor, however, when this information cannot be retrieved, these banks fall back on soliciting more of "something the user knows" in the form of challenge questions.

6% of U.S. banks do offer consistently multi-factor authentication methods as an option, but then permit their members to opt-out of using such methods. If the member chooses to opt-out, the bank employs only single-factor methods.

Only 4% of the sampled banks employed consistently multi-factor authentication methods.

STUDY PREDICTS LOSS OF CONSUMER PRIVACY WILL INCREASE
This study represents the first attempt to measure industry compliance with the FFIEC's multi-factor guidelines since their publication in 2005 and it presents a grim picture.

U.S. banks appear to be ignoring or misinterpreting the FFIEC's call for "true multi-factor authentication" in favor of authentication methods which will actually contribute to the loss of consumer privacy. The study warns, "The stage is being set for an online privacy crisis fueled by millions of pieces of previously-undisclosed personal information solicited by thousands of legitimate financial websites as well as by tens of thousands of fraudulent websites."

DOWNLOAD STUDY
The study (PDF) may be downloaded from SestusData.com/.

STUDY CO-AUTHORS
Sestus Data Company's PhishCops™ product is based on government-approved authentication methods and the U.S. government has recognized PhishCops™ for its breakthrough in multi-factor authentication, naming it a semi-finalist for both the 2005 and 2007 Homeland Security Award. PhishCops™ (phishcops.com) is also a recipient of the InfoWorld 100 Award, InfoWorld Magazine's highest honor for technical innovation. PhishCops™ enjoys an enviable reputation in the financial market with organizations and consumers. The company credits its positive reception to its patent-pending approach to authentication which never solicits personal information.

The BearingPoint Financial Services Information Security group provides information security services to large and mid-sized financial services companies. The group works with clients to protect their data, comply with federal and international laws and regulations, reduce operational and reputation risks, and imbed security into their next generation financial services products and services. BearingPoint is a leading management and technology consulting company serving the Forbes Global 2000 and many of the world's largest public services organizations. The company's 6,000 risk, compliance and security professionals are skilled in both strategy and execution. Operating in more than 40 countries, they are dedicated to providing tailored, effective strategy, process and technology solutions.

 
 
Your Banner Ad Here instead - Showing along with ALL Articles covering Financial/Legal/Venture Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!


 

Written by / Agency / Source: Sestus, LLC

 
 

Availability: All Regions (Including Int'l)

 

Traffic Booster: [/] Quick Newswire Today Visibility Checker

 

Distribution / Indexing: [+]

 
 
# # #
 
 
  Your Banner Ad showing on ALL
Financial/Legal/Venture articles,
CATCH Visitors via Your Competitors Announcements!


96% of U.S Banks Failing to Implement Multi-Factor Authentication

Company website links NOT available to basic submissions
It is OK to republish and/or LINK any newswire for any legitimate media purpose as long as you name Newswire Today and LINK as the source.
 
  Is this your article?
Activate ALL web links and social stream by Upgrading to Press Release PREMIUM Plan Now!

|
Publisher Contact: SestusData.com 
1-800-788-1927 info[.]sestusdata.com
 
Newswire Today - PRZOOM / PRTODAY disclaims any content contained in this article. If you need/wish to contact the company who published the current release, you will need to contact them - NOT us. Issuers of articles are solely responsible for the accuracy of their content. Our complete disclaimer appears here.
IMPORTANT INFORMATION: Issuance, publication or distribution of this press release in certain jurisdictions could be subject to restrictions. The recipient of this press release is responsible for using this press release and the information herein in accordance with the applicable rules and regulations in the particular jurisdiction. This press release does not constitute an offer or an offering to acquire or subscribe for any Sestus, LLC securities in any jurisdiction including any other companies listed or named in this release.

Financial/Legal/Venture via RSSAdd NewswireToday - PRZOOM Headline News to FeedBurner
Find who RetweetFollow @NewswireTODAY



Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!


Read Latest Articles From Sestus, LLC / Company Profile


Read Financial/Legal/Venture Most Recent Related Newswires:

LexisNexis® Expands Media Intelligence Portfolio with LexisNexis® Media Contacts Solution
LexisNexis Wins 21 Awards from Two Prestigious Publications
Frost & Sullivan Commends AutoGravity for Transforming Automotive Financing Industry
NYSE Governance Services and FTI Consulting Announce 17th Annual Corporate Law Firms Rankings
FTI Consulting and Asia Group Advisors Formalise Affiliate Relationship Across Asia Pacific
LexisNexis Receives 2017 Corporate Leadership Award from Freedom House for Activism in Advancing the Rule of Law
Societe Generale Named ‘Distinguished Provider of Transaction Banking Services’ by FImetrix
ALM Wins 2 Awards at 2017 Jesse H. Neal Awards
ALM’s ThinkAdvisor Launches Life/Health Channel
The National Law Journal Unveils Monthly Print Magazine
Societe Generale Selects HPD Software to Support its International Factoring Expansion
GE Closes Sale of Consumer Finance Business in France - Last Major Closing of GE Capital Exit Plan
Lazard Global Listed Infrastructure Fund Wins Two Lipper Fund Awards
Global Brands List of 2017 Awarded Elite Capital & Co. the Best Financial Brand in United Kingdom
FTI Consulting Receives Recognition in the Legal Industry

Boost Your Social Network
& Crowdfunding Campaigns


LIFETIME SOCIAL MEDIA WALL
NewswireToday Celebrates 10 Years in Business


PREMIUM Members


Visit  Persistence Market Research (P) Ltd

Visit  BizJobs.com





 
  ©2017 Newswire Today — Limelon Advertising, Co.
Home | About | Advertise/Pricing | Contact | Investors | Privacy/TOS | Sitemap | FRANCAIS
newswire, PR free press releases distribution service magazines engine news alert newsroom press room breaking news public relations articles company news alerts newswiredistribution ezine bizentrepreneur biznewstoday digital business report market search pr firms agencies reports distri-bution today investor relation successful internet entrepreneurs newswire distribution prtoday.com freenewswiredistribution asianewstoday bizwiretoday USA pr UK today - NOT affiliated with PRNewswire as we declined their partnership offer in 2013
 
PRTODAY & NewswireTODAY are NOT affiliated with USA TODAY (usatoday.com)