WASHINGTON – The following are some key points culled from the FFIEC's guidance on authenticating users online. NCUA is expected to release a Letter to CUs on the issue later this year. Secure password measures: * Six character passwords that are alpha-numeric can be more effective than the common four character passwords; * Restrict the use of automatic log-in features; * Establish strong procedures for disabling passwords; * Establish strong procedures for password resets by forcing a password change at the next log-on; * Review password exception reports; * Lock users out after five failed attempts to log-on to a system; * Terminate user connections after a specified interval of inactivity. Industry practice is generally not more than 20 to 30 minutes; * Incorporate mult-factor authentication for sensitive internal or high value systems; Ways to verify personal information online for account origination: * Positive Verification. Compare a user's identity to a series of questions related to information from a trusted database (e.g., a reliable credit report). * Logical Verification. Ensure information provided by users is logically consistent (e.g., Do the telephone area code, ZIP code and street address match?). * Negative Verification. Application information can be compared against fraud databases to determine whether any of the information is associated with known incidents of fraudulent behavior.
Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.
Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.