Rapid, Cost-Effective FFIEC Guidance and PCI DSS Regulatory Compliance
You need security
From big banks to start-ups and online institutions, we are trusted to secure a wide variety of financial services providers and their customers. We offer a wide variety of two-factor authentication tokens, including virtual tokens.
Because passwords & pins are prehistoric
Passwords and credit card PINs offer little protection against cyber threats. Multi-factor authentication is a crucial component of a solid security plan. We make it easier than ever to achieve regulatory compliance.
Quickly Deploy Regulatory Compliant MFA
Deploying Multi-Factor Authentication (MFA) with SurePassID is the fastest path to compliance with FFIEC guidance and PCI DSS. SurePassID’s one-click installer is compatible with most legacy IT infrastructures and supports VPNs, RADIUS and TACACS.
According to the Federal Financial Institutions Examination Council (FFIEC), authentication in an Internet Banking Environment calls for “effective methods to authenticate the identity of customers.” The FFIEC considers single-factor authentication, used as the only control mechanism, inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.
The FFIEC’s Supplement to Authentication in an Internet Banking Environment reinforces the Guidance’s risk management framework and updates the expectations regarding customer authentication, layered security, and other controls in the increasingly hostile online environment. In particular the Supplement calls for the use of “dual customer authorization through different access devices” in a “layered security program,” such as the end-to-end solution that SurePassID provides.
The Payment Card Industry Data Security Standards (PCI DSS) mandate that organizations which “hold, process, or pass cardholder information” must meet a minimum level of security. Part of this security is protecting remote access logins with strong authentication. Specifically, section 8.3 says that organizations must:
Implement two-factor authentication for remote access to the network by employees, administrators, and third parties. Use technologies such as remote authentication and dial-in service (RADIUS) or terminal access controller access control system (TACACS) with tokens; or VPN (based on SSL/TLS or IPSEC) with individual certificates.
SurePassID is compatible with almost any authentication method and device, including:
- Mobile OTP App (smart phones, tablets) – installed on user’s device
- Browser OTP (desktops, laptops, tablets, smart phones) – installed on user’s device
- Push Authentication – mobile app downloadable from the app stores or directly integrated into the bank’s mobile banking app via our rich set of APIs. The user is presented with a pop-up notification that prompts them to “Approve” or “Deny” the login attempt.
- FIDO Virtual Mobile U2F – A SurePassID Exclusive: FIDO Universal 2-Factor (U2F) authentication using the mobile phone’s built-in fingerprint sensor to release a registered virtual FIDO token. Stronger than just a fingerprint and helps prevent fingerprint spoofing. No fingerprint sensor? No problem, simply use a PIN code or voice biometric or facial recognition coupled with the Virtual FIDO U2F token for a password-less experience.
Very Low Cost:
- Push SMS OTP – similar to the Mobile OTP app, but the user receives a 6-digit OTP via text message and must enter it into the requesting application. Cost: 1 penny per text.
- Push SMS Challenge – similar to Mobile OTP, but the user only needs to reply with a ‘Y’ via text message to allow access. No need to enter a 6-digit OTP. Cost: 1 penny per text.
- PassFaces – installed on user’s device
- Matrix Cards – Challenge-response ISO 7810-compliant printed cards; issued to users. Low tech, very inexpensive “bingo card” style solution.
- FIDO Device Authenticators – Password-less and biometric hardware tokens; issued to users
- OneCard – World’s first all-in-one converged logical and physical security credential and ID badge; issued to users
- OTP Display Cards – ISO 7816 and OATH compliant authenticator cards with display, optional on-card PIN pad, mag stripe, EMV or PKI chip; issued to users
- Dynamic CVx Credit Cards – ISO 7816 compliant, brandable credit cards with a small display on the back in place of the printed CVV/CVC code. The display automatically changes every x minutes (bank defined, no change in user behavior), or the user presses a single button to generate an on-demand CVx code. Issuable as a Visa or Mastercard. The Dynamic CVx code ELIMINATES card-not-present fraud for online and mobile channels.
- OTP Keyfobs & Mini-Keyfobs – Traditional hardware tokens; issued to users
- Third Party OTP Tokens – OATH-compliant and proprietary RSA tokens; issued to users
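Several of the authenticators listed above (the keyfobs, display cards and third-party tokens) are described as OATH-compliant, and the SMS options deliver a 6-digit OTP. As an added example, not code from SurePassID or from this page, the following Python block shows what the server side of such a deployment has to do to verify those codes correctly: it implements RFC 4226 HOTP (event-based, counter-driven tokens) and RFC 6238 TOTP (time-based tokens) and then verifies a submitted code with a bounded look-ahead window, a replay check so a code can never be accepted twice, and a constant-time comparison. The secret used is the published RFC test key (ASCII "12345678901234567890"); the window sizes and the `last_counter`/`last_step` bookkeeping are assumptions about how a verifier would store per-user state, not anything the page specifies.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer reduced modulo 10**digits."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, for_time // step, digits)


def verify_hotp(secret: bytes, submitted: str, last_counter: int,
                look_ahead: int = 10, digits: int = 6):
    """Verify an event-based token code.

    The token's counter may have advanced past the server's stored value
    (button pressed without logging in), so a bounded look-ahead window is
    searched. Counters at or below last_counter are never accepted, which is
    what blocks replay of an already-used code. Returns the counter the
    server should store next, or None if the code is rejected.
    """
    for c in range(last_counter + 1, last_counter + 1 + look_ahead):
        if hmac.compare_digest(hotp(secret, c, digits), submitted):
            return c
    return None


def verify_totp(secret: bytes, submitted: str, now: int, last_step=None,
                step: int = 30, digits: int = 6, skew: int = 1):
    """Verify a time-based code, allowing +/- `skew` steps of clock drift.

    last_step is the time step of the last accepted code for this user
    (assumed per-user state); a match at or before it is refused so a code
    captured in transit cannot be replayed within the drift window.
    Returns the matched time step to store, or None.
    """
    t = now // step
    for s in range(t - skew, t + skew + 1):
        if last_step is not None and s <= last_step:
            continue
        if hmac.compare_digest(hotp(secret, s, digits), submitted):
            return s
    return None


if __name__ == "__main__":
    # RFC 4226 / RFC 6238 published test key, used here as a constructed sample.
    secret = b"12345678901234567890"
    print("HOTP counter 0..3:", [hotp(secret, c) for c in range(4)])
    print("TOTP at t=59:", totp(secret, 59))
    # Stored counter is 0; token has been pressed three times since.
    print("verify_hotp ->", verify_hotp(secret, hotp(secret, 3), last_counter=0))
    # Replay of a code for a counter already consumed is refused.
    print("replay ->", verify_hotp(secret, hotp(secret, 0), last_counter=0))
    print("TOTP now ->", verify_totp(secret, totp(secret, int(time.time())), int(time.time())))
```

The two functions return the counter or time step to persist rather than a bare boolean: the caller must write that value back before telling the user "approved", otherwise the same 6-digit code remains valid for the rest of the window. The look-ahead and skew parameters are the knobs that trade usability (tokens drifting out of sync) against the number of codes an attacker could guess per attempt; pair them with rate limiting on failed submissions.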