RSA's March announcement that hackers breached its electronic authentication system, used by thousands of financial firms and their customers, put renewed emphasis on the shape of upcoming regulatory guidance from the Federal Financial Institutions Examination Council. The FFIEC's 2005 recommendations on authenticating banking transactions focused on multi-factor authentication, which requires account holders to provide a user name and password, plus an additional identifier, such as information known only to the account holder or a code generated by a token, to access accounts. Given the rise in electronic transaction fraud, the FFIEC is expected to push for additional layers of security.
Whoever hacked into RSA's system extracted information related to its SecurID two-factor authentication product, which generates such token codes.
"While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," Art Coviello, executive chairman of RSA, a division of EMC, said in a March 17 letter to customers.
Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.
Your access to unlimited Treasury & Risk content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Thought leadership on regulatory changes, economic trends, corporate success stories, and tactical solutions for treasurers, CFOs, risk managers, controllers, and other finance professionals
- Informative weekly newsletter featuring news, analysis, real-world case studies, and other critical content
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the employee benefits and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
*May exclude premium content© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.