Credit Unions Risk-Assessment for High-Risk Transactions

Risk Assessment can help with the Authentication Processs 

Due to the increasing frequency of identity thefts via Internet banking, federal regulators are requiring all financial institutions to implement a multi-factor authentication (MFA) system. With 52 million Internet banking records reported lost in 2005 alone, the move to make layered security changes is necessary and commendable, albeit challenging, according to Raj Patel, a partner in the Technology Consulting and Solutions practice at Midwest-based Plante & Moran PLLC.

Patel notes that token devices and smart cards, currently in use for commercial customers, can be used to satisfy the requirement but are extremely expensive to implement for consumers. At the same time, the more cost-effective solutions are confusing and fail to fully meet MFA requirements.

"Some credit unions have implemented solutions that track the identification of the desktop that a member uses to log onto his Internet banking site, but such tracking does not address the situation of a member logging in from a work computer," says Patel. "Accordingly, user-specific questions need to be asked to verify identity."

Patel points out that product solutions are actually the second piece of the MFA process; the first step towards MFA compliance is risk assessment. Patel is advising his clients to use one of three risk assessment approaches, depending on the overall multi-factor security strategy, and has created a proprietary risk assessment template to aid clients in determining which authentication approach is best.