Boston, MA
December 2005

Online Authentication:  Response To FFIEC Guidance


In November 2005, the Federal Financial Institutions Examination Council (FFIEC) released updated guidance designed to further assist online banks and financial institutions with the development of online authentication procedures.  The updated guidance urged banks and financial institutions engaged in sensitive online customer service to identify higher risk transactions and secure them with multifactor authentication.  In its report “Online Authentication:  Response to FFIEC Guidance,” Mercator Advisory Group identifies and examines online authentication technologies banks and financial institutions might use to protect online transactions.

“Multifactor authentication has been recommended by the FFIEC as a more secure authentication method for online transactions; however, these technologies alone are not enough to protect online customers,” according to Michael Friedman, Director of Mercator Advisory Group’s Emerging Technologies Service and author of this report.  “Multifactor authentication is a necessary link in the security chain, but it is by no means sufficient to solve the problems presented by fraud to a loyal and profitable segment of a financial institution’s portfolio – the online customer.”

The report identifies the leading technologies used to perform multifactor authentication.  Technologies are ranked according to their effectiveness at authenticating customers, the relative cost of implementation and the relative cost to users in terms of additional hardware and time spent authenticating themselves online.  The ability of multifactor authentication to prevent online fraud is also discussed as are additional counter measures financial institutions should and do implement to address this growing problem.

Also included in the report is a discussion of online fraud perpetration mechanisms, better known as phishing.  The report identifies the main means by which phishing may be conducted and what financial institutions can and cannot hope to do in order to suppress the effectiveness of phishing schemes.

One of four exhibits included in this report

The report is 28 pages and contains 4 exhibits.

Members of Mercator Advisory Group have access to these reports as well as the upcoming research for the year ahead, presentations, analyst access and other membership benefits. Please visit us online at

For more information call Mercator Advisory Group’s main line: 781-419-1700 or send email to