Security in Electronic Banking

Issue

With the growth of electronic banking have come new forms of security risks. The challenge is to address these risks without impairing further development of electronic banking, a platform popular with customers and rich in potential for advances in productivity, efficiency, and quality and range of services.

Position Statement

ABA will continue to work with the financial industry and government agencies to ensure that electronic banking provides for secure transactions and supports the legitimate and achievable needs of law enforcement in such areas as detecting and preventing criminal activities and terrorism, including money laundering, tax evasion, and financial crimes. However, ABA believes it is critical that financial institutions have the flexibility to select suitable security technologies, policies, and procedures to manage their electronic security risk. Any regulatory requirements and/or guidelines on electronic banking security should also be carefully crafted to take into account the potential detrimental effect regulatory and operational burdens can place on small banking organizations.

Explanation

It is essential to the success of electronic banking systems that they be developed and operated in a secure manner. This concern, while not new, is exacerbated by today's more extensive access to computer technology, along with the persistent risk of unauthorized access, network attacks, and emerging threats such as phishing, spear phishing, man-in-the-middle schemes, and spyware scams. The safety of financial institutions, as well as the integrity of the nation's payments system and customer confidence in that system, necessitates that special attention be given to the security of electronic banking systems. Banks have both the expertise and the highest interest in being successful.

Banks are active participants in electronic banking, with an outstanding record of maintaining high levels of information security and protecting confidential customer information. In 2011, the Federal Financial Institutions Examination Council (FFIEC) issued supplementary guidance, "Authentication in an Internet Banking Environment," affirming the importance of verifying that parties accessing banking information via the Internet are the real account holders. The guidance requires that banks conduct a risk assessment of their operations and implement additional measures if required. The guidance very wisely and appropriately does not mandate a specific technological solution but notes that shared secrets, tokens, and biometrics can be considered, as well as software-based techniques that analyze the users' physical location and their historical record of online banking activity. Further, encryption of data and the truncating of sensitive information revealed on an accessed account screen can also be considered as risk mitigators. ABA will continue to work with its members and the banking supervisory agencies to evaluate the effectiveness of this program and the fairness of the first round of examinations under the new guidance.

ABA will persevere in its work with the regulatory agencies, including the FFIEC and other industry groups, to ensure that customer information continues to be protected and that only authenticated customers have online banking access.

 

Contact for further information: Heather Wyson.