FDIC: Inactive FIL-103-2005: Authentication in an Internet Banking Environment

Federal Deposit Insurance Corporation

Inactive Financial Institution Letters

FFIEC Guidance
Authentication in an Internet Banking Environment

FIL-103-2005
October 12, 2005

Summary:

The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance, “Authentication in an Internet Banking Environment.” For banks offering Internet-based financial services, the guidance describes enhanced authentication methods that regulators expect banks to use when authenticating the identity of customers using the on-line products and services. Examiners will review this area to determine a financial institution’s progress in complying with this guidance during upcoming examinations. Financial Institutions will be expected to achieve compliance with the guidance no later than year-end 2006.

Highlights:
- Financial institutions offering Internet-based products and services should use effective methods to authenticate the identity of customers using those products and services.
- Single-factor authentication methodologies may not provide sufficient protection for Internet-based financial services.
- The FFIEC agencies consider single-factor authentication, when used as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.
- Risk assessments should provide the basis for determining an effective authentication strategy according to the risks associated with the various products and services available to on-line customers.
- Customer awareness and education should continue to be emphasized because they are effective deterrents to the on-line theft of assets and sensitive information.

Distribution:
FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Chief Executive Officer
Chief Information Security Officer

Related Topics:
- FIL-66-2005, Guidance on Mitigating Risks From Spyware, issued July 22, 2005
- FIL-64-2005, Guidance on How Financial Institutions Can Protect Against Pharming Attacks, issued July 18, 2005
- FIL-27-2004, Guidance on Safeguarding Customers Against E-Mail and Internet Related Fraud, issued March 12, 2004
- FFIEC Information Security Handbook, issued November 2003
- Interagency Informational Brochure on Phishing Scams, contained in FIL-113-2004, issued September 13, 2004
- Putting an End to Account-Hijacking Identity Theft, FDIC Study, issued December 14, 2004
- FDIC Identity Theft Study Supplement on Account-Hijacking Identity Theft, issued June 17, 2005

Attachment:
FFIEC Guidance: Authentication in an Internet Banking Environment - PDF 163k

Contact:
Senior Policy Analyst Jeffrey Kopchik at jkopchik@fdic.gov or (202) 898-3872, or Senior Technology Specialist Robert D. Lee at rolee@fdic.gov or (202) 898-3688

Printable Format:
FIL-103-2005 - PDF 41k

Note:
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/news/financial/2005/index.html.

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).

Last Updated 10/12/2005

https://www.fdic.gov/news/inactive-financial-institution-letters/2005/fil10305.html

APPL-1039
APPLE INC./Page 1 of 2