FFIEC — Voice Biometrics Glossary
The FFIEC (Federal Financial Institutions Examination Council) regulates financial institutions. Formally established in the United States in March of 1979 it is empowered with the purpose to “prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions.”
The five federal regulatory agency members of the FFIEC include the:
- Board of Governors of the Federal Reserve System (FRB)
- Federal Deposit Insurance Corporation (FDIC)
- National Credit Union Administration (NCUA)
- Office of the comptroller of the Currency (OCC)
- Office of Thrift Supervision (OTS)
In August of 2001, the FFIEC released their guidance, “Authentication in an Internet Banking Environment,” noting that “customer interaction with financial institutions is migrating from person-to-person and paper-based transactions to remote electronic access” which “increases the risk of doing business with unauthorized or incorrectly identified parties.” The guidelines suggested appropriate authentication methods be employed dependent upon the level of risk.
In October of 2005, the FFIEC released their guidance update as a result of the “continued growth of Internet banking and other forms of electronic banking activity and the increased sophistication of threats of those environments” stating that “an effective authentication system is necessary for financial institutions’ compliance with requirements to safeguard customer information; to prevent money laundering and terrorist financing; to reduce fraud and the theft of sensitive customer information, often the precursor to identity theft; and to promote legal enforceability of financial institutions’ electronic agreements and transactions.”
While it did not endorse any particular method of authentication, the FFIEC included an appendix defining the term “authentication” to mean “the process of verifying the identity of a person or entity” and explaining that authentication factors include “something a person knows” (such as a PIN or a Password), “something a person has” (such as a token) and/or “something a person is” (biometrics).
The FFIEC also discussed single-factor (using a password), two-factor (using ATM card and PIN) and multifactor authentication methods (using two or more factors in conjunction to authenticate identity), urging online banking services to implement stronger security measures by January of 2007.
VoiceVerified offers an FFIEC compliant voice authentication application for Financial Services that provides quick, effective voice verification without intrusive and annoying procedures.