Read this before you take multi-factor plunge

摘要

Banks offering internet-based services have been wrestling with a thorny issue since last year's regulatory fiat on authentication methods. Few recent compliance challenges have been the subject of so much misinformation, rumor, and misunderstanding. The interagency announcement, "Authentication in an Internet Banking Environment," issued in mid-October 2005 by the Federal Financial Institutions Examination Council, requires that banking companies review their internet-based offerings and determine which should be subjected to enhanced authentication measures on the behalf of both commercial and consumer customers. The exercise is not only supposed to be completed by yearend, but areas of weakness identified in the course of the review are expected to have been addressed through improved procedures.