AUTHENTICATION IN AN INTERNET ENVIRONMENT - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

AUTHENTICATION IN AN INTERNET ENVIRONMENT

Description:

AUTHENTICATION IN AN INTERNET ENVIRONMENT. Dominick E. Nigro. NCUA Information Systems ... Changes to Privacy and Security Regulations. Increased Incidents of ... – PowerPoint PPT presentation

Number of Views:29
Avg rating:3.0/5.0
Slides: 13
Provided by: basi61
Category:

less

Transcript and Presenter's Notes

Title: AUTHENTICATION IN AN INTERNET ENVIRONMENT


1
AUTHENTICATION IN AN INTERNET ENVIRONMENT
  • Dominick E. Nigro
  • NCUA Information Systems
  • Officer

2
Reason For Guidance
  • Changes to Privacy and Security Regulations
  • Increased Incidents of Identity Theft/Fraud
  • Authentication Methods Contribute to Identity
    Theft/Fraud
  • Authentication Technology Advances

3
Why Effective Authentication?
  • Safeguard Member Information
  • Reduce Fraud/Identity Theft
  • Prevent Money Laundering and Terrorist Financing
  • Promote Legal Enforceability of Electronic
    Agreements and Transactions
  • Reduce Risk of Business with Unauthorized
    Individuals

4
What does NCUA expect?
  • Assess the Authentication Risks associated with
    Internet Based Services
  • Assess effectiveness of Authentication
    Methodology
  • Implement/Review program to Monitor Systems
  • Determine reporting policies/procedures in place
    if Unauthorized Access occurs
  • Evaluate Member Awareness Program

5
Authentication Risk Assessment
  • Identify all Access and Transactions associated
    with Internet-based products and services
  • Determine if Internet Based Services provide High
    Risk Transactions
  • Identify Authentication Methods used for Internet
    Based Services
  • Determine effectiveness of Authentication Methods
    for High Risk Transactions

6
Member Account Authentication
  • If Risk Assessment identifies inadequate
    Authentication for High Risk Transactions
  • Multifactor Authentication
  • Layered Security
  • Other Controls

7
Authentication Methods
  • Multifactor Authentication
  • Something the user knows (pin/password)
  • Something the user has (smart card/token)
  • Something a user is (biometrics, fingerprint)

8
Authentication Methods
  • Layered Security Multiple controls and multiple
    control points
  • Other Controls Technology and controls that are
    emerging or that may be introduced in the future

9
Monitoring Systems
  • Detection of Unauthorized Access
  • Implement Audit procedures which
  • Assist in detection of fraud
  • Money laundering
  • Compromised passwords
  • Other unauthorized activities

10
Reporting Requirements
  • Unauthorized Access Requires Notifying
  • Management
  • NCUA Regional Director
  • Appropriate Law Enforcement
  • Filing Suspicious Activity Report
  • Member Notification
  • Appendix B of Part 748 of NCUA RR

11
Member Awareness Programs
  • Key to reduce Fraud and Identity Theft
  • Implement/Revise Member Awareness Program
  • Evaluate Education efforts
  • Identify additional efforts

12
Conclusion
  • Assess Risk of Internet-based products and
    services
  • Establish effective Authentication methods
  • Monitor systems for Unauthorized Access
  • Report Unauthorized Access
  • Notify Members of Unauthorized Access, if
    warranted
  • Educate members
  • Complete process by Year-end 2006
Write a Comment
User Comments (0)
About PowerShow.com