This guidance addresses the urgent need for effective authentication in online environments, particularly within the NCUA framework. Due to changing privacy and security regulations and rising identity theft incidents, organizations must evaluate and strengthen their authentication methods. Best practices include implementing multifactor authentication, layered security, and monitoring systems for unauthorized access. The objective is to safeguard member information, reduce fraud, prevent money laundering, and ensure legal enforceability of transactions. Ongoing risk assessments and member education are vital to enhance security measures effective by 2026.
AUTHENTICATION IN AN INTERNET ENVIRONMENT
Dominick E. Nigro, NCUA Information Systems Officer

Reason For Guidance
• Changes to Privacy and Security Regulations
• Increased Incidents of Identity Theft/Fraud
• Authentication Methods Contribute to Identity Theft/Fraud
• Authentication Technology Advances

Why Effective Authentication?
• Safeguard Member Information
• Reduce Fraud/Identity Theft
• Prevent Money Laundering and Terrorist Financing
• Promote Legal Enforceability of Electronic Agreements and Transactions
• Reduce Risk of Doing Business with Unauthorized Individuals

What does NCUA expect?
• Assess the Authentication Risks associated with Internet-Based Services
• Assess the effectiveness of the Authentication Methodology
• Implement/Review a program to Monitor Systems
• Determine the reporting policies/procedures in place if Unauthorized Access occurs
• Evaluate the Member Awareness Program

Authentication Risk Assessment
• Identify all Access and Transactions associated with Internet-based products and services
• Determine whether Internet-Based Services provide High Risk Transactions
• Identify the Authentication Methods used for Internet-Based Services
• Determine the effectiveness of those Authentication Methods for High Risk Transactions

Member Account Authentication
• If the Risk Assessment identifies inadequate Authentication for High Risk Transactions, implement:
  – Multifactor Authentication
  – Layered Security
  – Other Controls

Authentication Methods
• Multifactor Authentication
  – Something the user knows (PIN/password)
  – Something the user has (smart card/token)
  – Something the user is (biometrics, fingerprint)

Authentication Methods
• Layered Security – Multiple controls and multiple control points
• Other Controls – Technology and controls that are emerging or that may be introduced in the future
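The risk-assessment steps and the three factor categories above, as an added worked example that is not part of the original presentation: it walks a constructed inventory of internet-based transactions and flags the high-risk ones whose authentication does not draw on two distinct factor categories. The method catalogue, the sample transactions and the function names are assumptions, not NCUA data.

```python
from enum import Enum

# Factor categories from the guidance: knows / has / is.
class Factor(Enum):
    KNOWS = "something the user knows"   # PIN, password, security question
    HAS = "something the user has"       # smart card, OTP token
    IS = "something the user is"         # fingerprint or other biometric

# Assumed catalogue mapping each method to its factor category (constructed).
METHODS = {
    "password": Factor.KNOWS,
    "security_question": Factor.KNOWS,  # same category as a password
    "otp_token": Factor.HAS,
    "smart_card": Factor.HAS,
    "fingerprint": Factor.IS,
}

def distinct_factors(methods):
    """Set of factor categories covered by a list of method names."""
    return {METHODS[m] for m in methods}

def is_multifactor(methods):
    """Multifactor means two or more *different* categories, not two methods."""
    return len(distinct_factors(methods)) >= 2

def assess(transactions):
    """Risk-assessment step: for each (name, high_risk, methods) record, flag
    high-risk transactions whose authentication is not multifactor.
    Returns (transaction name, covered factor names) pairs in input order."""
    findings = []
    for name, high_risk, methods in transactions:
        if high_risk and not is_multifactor(methods):
            covered = sorted(f.name for f in distinct_factors(methods))
            findings.append((name, covered))
    return findings

# Constructed sample inventory of internet-based transactions (not from the slides).
SAMPLE = [
    ("view balance", False, ["password"]),
    ("external wire transfer", True, ["password", "security_question"]),
    ("change contact address", True, ["password", "otp_token"]),
    ("bill pay enrollment", True, ["password"]),
]

if __name__ == "__main__":
    for name, covered in assess(SAMPLE):
        print(f"high-risk '{name}' relies only on: {covered}")
```

A password plus a security question is the case worth noting: both are "something the user knows", so the wire transfer is flagged even though two methods are required.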
Monitoring Systems
• Detection of Unauthorized Access
• Implement Audit procedures which assist in the detection of:
  – Fraud
  – Money laundering
  – Compromised passwords
  – Other unauthorized activities

Reporting Requirements
• Unauthorized Access requires notifying:
  – Management
  – NCUA Regional Director
  – Appropriate Law Enforcement
• Filing a Suspicious Activity Report
• Member Notification
• See Appendix B of Part 748 of the NCUA Rules and Regulations

Member Awareness Programs
• Key to reducing Fraud and Identity Theft
• Implement/Revise the Member Awareness Program
• Evaluate Education efforts
• Identify additional efforts

Conclusion
• Assess the Risk of Internet-based products and services
• Establish effective Authentication methods
• Monitor systems for Unauthorized Access
• Report Unauthorized Access
• Notify Members of Unauthorized Access, if warranted
• Educate members
• Complete the process by Year-end 2006