The Perspective 
Monday, 30 April 2007
Rufus Connell is research director of information technology for the business research and consulting firm Frost and Sullivan. He oversees Frost and Sullivan's subscription research on network security, digital media and retail systems.
Many of us are familiar with the Payment Card Industry (PCI) Data Security Standard that constantly impacts retail self-service technologies such as electronic funds transfer (EFT) terminals. But fewer may be aware of the Federal Financial Institutions Examination Council’s (FFIEC) guidance on authentication in Internet banking environments.
In a nutshell, the FFIEC guidance called for financial institutions that conduct online services to provide strong authentication for its users by the end of 2006.
FFIEC didn’t stipulate a specific form of strong authentication but left that to the banks’ discretion. This means that the banks could choose some form of hardware token — like those successfully deployed by banks in Europe by Vasco and widely deployed in enterprise networks by the likes of RSA (the security division of EMC), Secure Computing and others — or some other means such as software tokens.
Many banks in the United States scrambled to meet the 2006 deadline and, as a result, opted to deploy solutions that combine a software token with sophisticated fraud monitoring tools, which often are backed up by challenge/response tools.
Today RSA is the leader in the online banking authentication space by benefit of its acquisition of Passmark and Cyota. Also in this space are a number of other competitors such as Arcot, Bharosa and others. RSA is estimated to have approximately 100 million registered users while Arcot and Bharosa are estimated to have around 40 million and 20 million users, respectively. These companies deploy technology that analyzes the location of devices that try to connect to a bank’s Web site and authenticates users via combinations of software tokens, username/password, answers to personal questions and even keyboard and mouse biometrics. Every day these and other companies develop more sophisticated tools to identify the user.
Implications for self-service
In Frost & Sullivan’s last survey of the kiosk industry we saw that banking and financial kiosks and Internet access terminals generated more than 10 percent of revenues from kiosk sales. These types of kiosks will be used to access Web sites that fall under the jurisdiction of the FFIEC guidance.
Even more importantly, a user endeavoring to access his bank’s Web site through such a terminal to conduct time-sensitive financial transactions will fail the authentication tests that already are installed at financial institutions like Wells Fargo, Countrywide, Vanguard and others.
The FFIEC guidance has made online banking a huge step safer for consumers everywhere, but it puts one more hurdle in front of those who want to bank from public terminals.
It is expected that this FFIEC guidance is likely to quickly become a best practice for all forms of consumer online services. Kiosk hardware and software vendors must take note: Work with security companies now to ensure that users accessing today’s financial Web sites, and tomorrow’s e-commerce sites, will be able to pass authentication challenges without compromising personal information.
Posted by: Rufus Connell AT 10:32 am   |  Permalink   |  0 Comments  |  

Post comment
Email Address

(max 750 characters)
Verify image below
* Required Fields
Note: All comments are subject to approval. Your comment will not appear until it has been approved.


Our members are among the most prominent and respected suppliers of digital signage, kiosk, self-service and mobile technology solutions.

Request project help from DSA members

 The Perspective 
Latest Posts

Janet Webster, Creative Solutions Consulting

"Being a member of DSA is extremely beneficial. It's a great organization that helps its members to achieve their goals."

Janet Webster
Creative Solutions Consulting

Tweets by @iDigScreenmedia

Digital Screenmedia Association | 13100 Eastpoint Park Blvd. Louisville, KY 40223 | Phone: 502-489-3915 | Fax: 502-241-2795



Website managed by Networld Media Group