Guidance on Authentication in an Internet Banking Environment- Flashcards
Acme Bank offers its customers Internet banking that includes bill payment services, wire transfer initiation, and access to customer account history. Acme has had to spend a substantial amount of money implementing a multifactor authentication system that will continue to be fairly expensive to operate. Which of the following is the best alternative for Acme that will allow the bank to be in compliance with the FFIEC guidance?
a. The bank could provide the multifactor authentication to all customers who use the Internet banking services.
b. The bank could discontinue offering Internet banking to its customers.
c. The bank could ask its customers to choose which type of authentication they will use, and disclose the risks involved if the customer decides not to use multifactor methods.
d. The bank could restructure its Internet banking product to restrict customer account information and allow transfers only to other accounts owned by the customer.
a. The bank could provide the multifactor authentication to all customers who use the Internet banking services.
To which of the following activities does the FFIEC Guidance on Authentication apply?
a. Internet banking only
b. Telephone and Internet banking
c. Call center banking only
d. Internet, telephone, and call center banking
d. Internet, telephone, and call center banking
Bob Jones, president of First National Bank, does not believe the bank has to do anything to comply with the FFIEC Interagency Guidance. The bank has an information-only Web site, does not offer any online Internet banking services, and only offers telephone banking at this time. Which of the following statements best describes the bank’s responsibility?
Statement 1: The bank does not offer any Internet banking services, so it does not need to worry about the Interagency Guidance at this time.
Statement 2: First National Bank should conduct a risk assessment on their telephone banking services. They should provide written support for the low risk and adequacy of single-factor authentication.
Statement 3: Telephone banking service offers only standard balance and transfer between accounts. No risk assessment is required.
Statement 4: The bank should have information on fraud and identity theft inserted on its Web site for customer awareness. Information should also be available in the bank lobby and should be evaluated periodically.
a. Statement 1 only
b. Statement 2 only
c. Statements 1 and 2
d. Statements 2 and 4
d. Statements 2 and 4
