WASHINGTON - The four federal bank and thrift agencies have issued guidelines for confirming the identity of electronic bank customers and combating high-tech fraud.
The 12-page document advises electronic banking service providers to use a combination of customer passwords, access cards, or biological characteristics such as fingerprints or retinal patterns.
"Single-factor authentication alone may not be commercially reasonable or adequate for high-risk applications and transactions," one section reads. "Instead, multifactor techniques may be necessary."
The regulators also said it is riskier to accept new customers electronically than at branches because of the "absence of the physical cues that bankers traditionally use to identify individuals," such as asking for a driver's license or other photo ID.
The guidelines, issued last week, recommend verifying a potential customer's identity by comparing questionnaire responses against information from a trusted source, such as a credit report; checking if the applicant's telephone area code, ZIP code, and street address correspond with the company's information; and consulting fraud databases.
They also suggest establishing monitoring systems to detect unauthorized access to computer networks.
The guidelines are available at http://www.occ.ustreas.gov/ftp/advisory/2001-8a.pdf.
