The multiple online channels financial institutions and other payment service providers (PSPs) use to facilitate e-banking and e-commerce remain a growing and irresistible target for sophisticated cyber criminals.
This, along with an intricate labyrinth of global regulations and guidance, is a major compliance challenge for financial institutions.
In response to rising fraud levels, the European Central Bank (ECB) published six recommendations for the security of internet payment operations in an effort to identify major vulnerabilities, nurture a common knowledge and understanding of inherent risks among European Union (EU) Member States, and establish a foundation for consistent regulatory oversight of payment services, systems and schemes.
Strong Customer Authentication
Risk Control and Mitigation
Monitoring and Reporting
Customer Identification and Information
The United States has seen similar regulation, guidance and controls evolve over the years.
In recent times, the FFIEC stated that firms are expected to use enhanced authentication methods when verifying online customers and that single-factor authentication, when used as the only control mechanism, is inadequate for high-risk transactions involving access to customer information or the movement of funds.
Even the FDIC has called on banks to do more to protect the security and confidentiality of sensitive customer data in order to prevent account takeover. Additionally, as other legislative initiatives are approved (for example, those associated with mobile banking), financial institutions seek to achieve compliance while maintaining a positive customer experience.