"The FFIEC guidance does a good job of addressing today's and yesterday's threats and suggested techniques, but it is not sufficiently forward-looking," says Gartner's Avivah Litan. "Two years from now, the guidance will be sorely out of date."
For all the latest news and views, please visit the FFIEC Authentication Guidance Resource Center.
Aite's Julie McNelley says the final FFIEC online authentication guidance offers greater detail in areas such as layered security, but that institutions have much to do to prepare for regulatory assessments in 2012.
The Federal Financial Institutions Examination Council has formally released the long-awaited update to its "Authentication in an Internet Banking Environment" guidance. The new directives take effect January 2012.
The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment.
The new virtualization guidance issued by the PCI Security Standards Council urges organizations to take a risk-based approach when dealing with virtualization methods, especially within cardholder data environments.
"Most convenience stores are concerned about pay-at-the-pump skimming. But they can only focus on so much," says Gray Taylor, a security and compliance expert with the National Association of Convenience Stores.
Leigh Williams says preventing online data breaches requires cooperation within the online ecosystem from domestic and international organizations. Spearheading and maintaining that cooperation requires federal oversight, he contends.
Police in Beaverton, Ore., have asked for the public's help to identify four suspects who were caught on camera using fake payment cards allegedly created from details skimmed by fraudsters at area Michaels stores.
Building on existing contactless NFC technology could bridge the gap between the mag-stripe and chip and PIN. And the Smart Card Alliance says merchants should begin investing in infrastructure upgrades now.
Security experts at this week's Gartner Security and Risk Management Summit agree: Security, not compliance, has to be the new focus. Cyberintrusions cannot be stopped, and the RSA breach should be a lesson to the industry.
The arrest followed an investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.