Multifactor Authentication: Forging Ahead in 2007
AbstractBoston, MA, USA July 23, 2007
Contrary to popular belief, MFA solutions are not running at full speed at many US banks and several are still tackling a number of outstanding issues in 2007.
The deadline imposed by the Federal Financial Institutions Examination Council (FFIEC) has come and gone. Banks scrambled to conduct their risk assessments and to select their multifactor authentication (MFA) solution. At this point one would think that US banks have fulfilled all requirements and would be sitting comfortably with their individual responses. But while the majority of banks certainly got as far as conducting a risk assessment, only about 50% managed to have a solution in place by year end 2006 for retail banking.
Midway through 2007, a fair percentage of banks are still pondering what to do. One would imagine that this would be a fairly simple and straightforward endeavor. However, MFA is still wreaking havoc among banks of all sizes. Contrary to popular belief, MFA solutions are not running at full speed at many US banks.
In a new report, , Celent examines and analyzes the outstanding MFA issues that banks are tackling in 2007. Having a solution in place for retail online banking isn't enough. Banks are busy tackling solutions for small business and corporate online banking. Furthermore, while many banks have selected a solution for online banking, few have tackled other electronic banking channels such as the telephone or mobile banking. Additionally, many banks are under the impression that certain educational programs such as those related to MFA are one shot deals. This is simply not true. While the overwhelming majority of retail customers will grasp the concept and successfully go about their banking, they will not see the bigger picture. This can represent a significant danger to the customer and can render security efforts useless. Banks have to make sure they are constantly on top of educating their customers regarding secure banking best practices.
The report also analyzes the use of MFA by Canadian banks. Even though the FFIEC guidance does not apply to them, Canadian banks have been following the play by play in order to determine what course of action, if any, they should be taking. MFA is a reality in the Canadian banking marketplace. 44% of Canadian banks were up and running with a MFA solution in 2006. By year end 2007, 67% of Canadian banks will have launched a MFA solution.
"Multiple MFA dilemmas are still plaguing the banking industry," says Jacob Jegher, senior analyst in Celent's Banking group and author of the report. "Although some are still taking care of the online channel, banks are being challenged to launch solutions for other channels including telephone and mobile. 2007 will be a repeat of what occurred in 2006--banks will be scrambling to deploy MFA although this time most will be focusing on channels other than online."
This 27-page report contains six figures and two tables. A table of contents is available online.
Members of Celent's Retail Banking and Wholesale Banking research services can download the report electronically by clicking on the icon to the left. Non-members should contact firstname.lastname@example.org for more information.
Celent is a research and advisory firm dedicated to helping financial institutions formulate comprehensive business and technology strategies. Celent publishes reports identifying trends and best practices in financial services technology and conducts consulting engagements for financial institutions looking to use technology to enhance existing business processes or launch new business strategies. With a team of internationally based analysts, Celent is uniquely positioned to offer strategic advice and market insights on a global basis. Celent is a member of the Oliver Wyman Group, which is a wholly-owned subsidiary of Marsh & McLennan Companies [NYSE: MMC].
Tel: +1 212 345 1366
Tel: +44 (0)782 448 3336
Tel.: +81 3 3500 3023
Table of ContentsBoston, MA, USA July 23, 2007
|Banks Not Up and Running with MFA||5|
|Multiple Issues Left to Tackle||5|
|Telephone Banking: Authentication Has Thrown Banks a Curve Ball||7|
|Factors Underlying Slow Adoption||7|
|Voice Authentication: Knight in Shining Armor?||9|
|Realistic Expectations -- Soft Solutions Using Risk-Based Authentication||10|
|The Emergence of Mobile Banking||13|
|Mobile Banking Requires MFA||13|
|What Are Canadian Banks Up to with MFA?||16|
|MFA Has Entered the Station||16|
|The Importance of Ongoing Customer Education||20|
|Objectivity and Methodology||26|