Multi-Factor Internet Log-In Required OfAll CUs

WASHINGTON - (10/14/05) -- All credit unions and banks will berequired to adopt multi-factor identification for online financialtransactions by the end of 2006, NCUA and the banking regulatorsannounced Thursday. A directive issued by the Federal FinancialInstitutions Examination Council, comprised of all the financialregulators, stated that single-factor authentication used toidentify online customers, such as a password or PIN, is inadequatefor high-risk transactions involving access to customer informationor the transfer of funds from an individual's account. Multi-factorauthentication requires an additional layer of security andrequires at least a second, or even a third, form ofidentification. The new directive comes as online fraud scams, suchas identity theft, phishing or pharming, are plaguing growingnumbers of financial institutions and their customers/members. Theregulators also said that credit unions and banks should ensurethey have reliable methods of originating new customer accountsonline, as required under the US Patriot Act. The directive, whichcan be obtained from NCUA, is known as Authentication in anInternet Banking Environment.