
Informational Memorandum
Subject: Guidance on Authentication in an Electronic Banking Environment
Date of Memorandum: 07/02/2002
Expiration Date:
Office: OE
Signed By: Smith, Roland
FCA Contact Person: Glenn, Thomas
Contact Phone: 703-883-4412
List of Attachments: None




INFORMATIONAL MEMORANDUM


July 2, 2002


To: The Chief Executive Officer
All Farm Credit System Institutions

From: Roland E. Smith, Director
Office of Examination

Subject: Guidance on Authentication in an Electronic Banking Environment


This Informational Memorandum notifies Farm Credit System (FCS) institutions of Federal Financial Institutions Examination Council (FFIEC) guidance to financial institutions on authenticating users of electronic banking services. FCS institutions that offer, or plan to offer, Internet-based electronic banking services to their customers may find this guidance helpful. A copy of the FFIEC’s guidance can be obtained at the following link:

As a customer’s business with an FCS institution migrates from paper-based, person-to-person transactions to remote electronic access and transaction initiation, the risk of doing business with unauthorized or incorrectly identified people must be evaluated. Failure to control this risk by implementing an authentication program could result in both financial loss and reputation damage to your institution. Effective authentication can help reduce fraud and promote the legal enforceability of electronic agreements and transactions. For this reason, Farm Credit Administration (FCA) examiners will evaluate FCS institutions’ authentication programs.

The success of an authentication program depends not only on technology, but also on developing and enforcing effective policies, procedures and controls. The FFIEC guidance emphasizes the following points:

The authentication program must support the institution’s overall security and risk assessment programs. Before implementing an authentication program, you must assess the risk of the institution’s electronic banking systems in light of the type of customer; the institution’s transaction capabilities; the sensitivity and value of the stored information to both the institution and customer; the ease of using the method; and the size and volume of the transactions. You must do this assessment whether you manage the electronic banking process yourself or a vendor does this for you. You must use reliable methods to verify a person’s identity during the account origination process as well as before granting an established customer access to on-line banking systems.

Your authentication program must include audit and monitoring features that can assist in detecting fraud, unusual activities and compromised entry, as well as promote operating efficiency.

You should also review FCA’s October 2, 2000 Informational Memorandum on E-commerce and Security Risks for additional guidance.

If you have any questions about this memorandum, please call Tom Glenn, Special Examination and Supervision Division, Office of Examination, at (703) 883-4412, or write on the Internet at e-mail address Glennt@fca.gov.