Latest News

VASCO Questions FFIEC’s Supplementary Recommendations for a More Secure Internet Banking Environment


VASCO believes that the original (2005) guidelines were not strong enough, and resulted in breaches. Due to the vagueness of the 2005 guidelines, many banks chose inexpensive but unsafe security measures including questionnaires about their mother’s maiden name and the color of their pets’ paws. This "meets minimum approach" has made the U.S. banking sector the target of internationally organized fraud schemes. The 2011 addendum to the FFIEC’s recommendation for a more secure Internet banking is, according to VASCO, a step in the right direction, but not nearly good enough.

The much anticipated recommendations do emphasize the importance of periodic risk assessments, layered security and appropriate customer authentication mechanisms as to mitigate risks against increasingly sophisticated fraud schemes. The council advocates more complex authentication mechanisms be put in place to protect retail as well as business customers against account hacking and identity theft. As proven abroad, only the implementation of strong two-factor authentication, including the use of electronic signatures to neutralize man-in-the-middle attacks, is an efficient method to make online banking a safer business channel.

VASCO, as a world leader in authentication, has one of the most complete lines of security products and services for strong user authentication and e-signatures available in the market today, helping financial organizations comply with FFIEC’s recommendations. With over 1,700 financial institutions worldwide in its customer base, the company already demonstrated its expertise and experience in securing customer credentials and financial transactions.

VASCO’s range of e-signature solutions guarantees transaction security and protects customers against man-in-the-middle attacks. The electronic signature is calculated using unique factors including the components of the specific transaction such as transaction amount and destination, source account information as well as timer and counter values. An e-signature allows the bank to verify that a transaction was initiated by the genuine end-user; if the transaction is not validated, the signature will be rendered useless. Consequently, the banking server can flag the transaction as possible fraud and act accordingly. The end-user in turn can rest assured that his transaction was not altered in transit.

Ken Hunt


VASCO is a leading supplier of strong authentication and e-signature solutions and services specializing in Internet security applications and transactions. VASCO has positioned itself as a global software company for Internet security serving a customer base of approximately 10,000 companies in more than 100 countries, including more than 1,700 international financial institutions. VASCO’s prime markets are the financial sector, enterprise security, e-commerce and e-government.

Forward Looking Statements:

December 31, 2009

This document may contain trademarks of VASCO Data Security International, Inc. and its subsidiaries, including VASCO, the VASCO "V" design, DIGIPASS, VACMAN, aXsGUARD and IDENTIKEY

Jochem Binst [email protected]

SOURCE VASCO Data Security International Inc.

Leave a comment

seks shop - izolasyon
basic theory test book basic theory test