October 5, 2011
A new report from IDC Financial Insights urges U.S. banks to regularly examine the security controls they have in place to ensure they are providing adequate protection.
The report, entitled “Methods and Practices: Managing Transaction Risk—Treasurers Trust Their Banks,” highlights the importance of exceeding the Federal Financial Institutions Examination Council's newly published expectations on internet banking authentication, the need for diligent control of environments from security providers, and the bank's responsibility to effectively communicate with corporate treasury clients regarding the role each must play in securing transactions and employing security controls.
Both financial institutions and their clients have increased responsibility to ensure that banking sessions remain secure and controls are adequate, particularly in light of the increasing frequency of attacks targeting corporate treasury accounts and banking solutions. However, according to a recent survey of North American corporate treasurers regarding their satisfaction with the security controls offered by their banks, IDC Financial Insights found that respondents were mostly complacent in assuming that their banks have provided adequate protection. Financial institutions are viewed as trusted partners and, as a result, clients look to their banks to determine what controls to use and expect the bank to maintain appropriate security levels.
The new FFIEC supplemental guidelines include certain “supervisory expectations” regarding how institutions should protect online customers, both corporate and commercial, and their online interactions. The new supplement underscores the need for ongoing risk assessment and the critical need to implement effective strategies for mitigating risk.
This report provides an analysis of recent court cases involving major security breaches from a corporate banking portal with the finding that there is no explicit line separating reasonable controls from unreasonable controls. It is necessary for banks to stay abreast of developments in security controls and also ensure that adequate controls are in place to detect fraudulent transactions.
“Although corporate clients are comfortable with the security solutions provided by their banks, there remains a need to continue to improve controls—both to keep pace with change and remain in compliance with ‘commercially reasonable’ controls and to keep out of the courtroom,” says Jeanne Capachin, research vice president, IDC Financial Insights. “The fraud landscape is changing and banks that focus on evolving their security features to combat these threats will earn the trust of their customers.”