CUs Must use Multi-Factor Identification By End of 2006
All credit unions and banks will be required to adopt multi-factor identification for online financial transactions by the end of 2006, NCUA and the banking regulators announced last week. A directive issued by the Federal Financial Institutions Examination Council, comprised of all the financial regulators, stated that single-factor authentication used to identify online customers, such as a password or PIN, is inadequate for high-risk transactions involving access to customer information or the transfer of funds from an individual's account. Multi-factor authentication requires an additional layer of security and requires at least a second, or even a third, form of identification. The new directive comes as online fraud scams, such as identity theft, phishing or pharming, are plaguing growing numbers of financial institutions and their customers/members. The regulators also said that credit unions and banks should ensure they have reliable methods of originating new customer accounts online, as required under the US PATRIOT Act. The directive, which can be obtained from NCUA, is known as "Authentication in an Internet Banking Environment."