Banking: SECU Turns to Corillian to Meet FFIEC Deadline > Windows in Financial Services

| Login

Windows in Financial Services offers a monthly e-newsletter providing the latest information on Microsoft’s growing role in the finance industry.

eNews Archives

eNews

Current Articles | Categories | Search | Syndication

Banking: SECU Turns to Corillian to Meet FFIEC Deadline

State Employees’ Credit Union, the second largest credit union in the United States, has selected two of Corillian’s fraud prevention products to comply with the Federal Financial Institutions Examination Council’s end-of-year deadline for multi-factor authentication and to fight fraud. “We selected Intelligent Authentication for its ability to provide strong, FFIEC-compliant authentication without compromising our member experience and convenience of our online platform,” said Rick Rhoads, senior vice president of eServices for SECU.

The implementation of the Intelligent Authentication product will put SECU in compliance with the “guidance” that the FFIEC issued on Oct. 12 of last year in its report titled “Authentication in an Internet Banking Environment.” That guidance said, among other things, that “Single-factor authentication methodologies may not provide sufficient protection for Internet-based financial services.”

The guidance didn’t specify what the solution should be, but it was generally taken to mean that the password approach commonly used for online banking is not strong enough, and that an extra layer of protection is needed.

“The guidelines were left vague, but it said that the user name and password is inadequate, and that financial institutions should have an additional layer, and a less passive-aggressive method of protecting banking customers and high-risk transactions,” said Steve Shaw, Corillian’s corporate communications manager.

Intelligent Authentication is a multi-factor authentication method that in addition to user name and password, also examines a number of other behavior patterns that the customer uses to access the online banking site, factors like time of day or location of the computer that is accessing the site. So for example, if a customer logged in on vacation from a computer that he or she didn’t normally use, a second question would be posed to that customer to verify his or her identity. Corillian showed the product to an FFIEC member who helped write the guidelines and was told that Intelligent Authentication met the requirements.

Separately, the Corillian Fraud Detection System monitors activity on a Web site and produces detailed reports on suspicious activity. When a phishing site is being set up, while the fake site is under development it is linked to the site it will be mimicking. “We have proactively been able to detect phishing sites before they’re launched,” Shaw said.

The security products were not the first tools that SECU has bought from Corillian – the two companies have a long history.

“Our partnership with Corillian began in 1998, with the integration of the Corillian Voyager platform,” said Rhoads, adding that they also have implemented Corillian’s payments solution.

“They had showed interest and looked at the products before but I think the guidelines pushed this forward,” Shaw said.