OCC Bulletin 2006-35| August 15, 2006
Authentication in an Internet Banking Environment: Frequently Asked Questions
Chief Executive Officers of All National Banks, Federal Branches and Agencies, Technology Service Providers, Department and Division Heads, and All Examining Personnel
The guidance attached to this bulletin continues to apply to federal savings associations.
The Federal Financial Institutions Examination Council (FFIEC) member agencies today released frequently asked questions (FAQs) to aid in the implementation of the interagency guidance on Authentication in an Internet Banking Environment, issued with OCC's Bulletin OCC 2005-35, dated October 12, 2005.
The authentication guidance specifically addresses the need for risk-based assessment, customer awareness, and security measures to reliably authenticate customers remotely accessing their financial institutions' Internet-based financial services. The authentication guidance applies to retail and commercial customers. The FAQs are designed to assist financial institutions and their technology service providers in conforming to the guidance by providing information on the scope of the guidance, the time frame for compliance, risk assessments, and other issues.
For further information on or questions concerning the guidance, contact the Bank Information Technology Division at (202) 649-6340.
Mark L. O'Dell
Deputy Comptroller for Operational Risk