The most recent Federal Financial Institutions Examination Council (FFIEC) supplement states that "...controls implemented in conformance with the guidance several years ago [the 2005 original guidance] have become less effective," and clarifies that "...malware can compromise some of the most robust online security controls." [1] Unmistakably, what led to the release of the FFIEC supplement was the introduction of advanced malware that has created an increasingly hostile online banking environment. Sophisticated malware has become the primary attack tool used by online banking fraudsters to execute account takeover, steal credentials and personal information, and initiate fraudulent transactions. To address emerging threats, the FFIEC requires organizations to continuously perform risk assessments as new information becomes available, adjust control mechanisms as appropriate in response to these changing threats and implement a layered approach to security. [2] Consequently, financial organizations need to select solutions that are able to identify emerging threats, address their impact and apply layered security that can quickly adapt to the ever-changing threat landscape.
IBM Security Trusteer solutions have been protecting customers against online banking fraud since 2006. Based on our accumulated experience with hundreds of financial institutions and millions of protected endpoints, we have identified key controls that are required to meet the FFIEC guidance and help prevent fraud in a cost-effective manner.
This white paper will discuss how organizations can achieve effective and sustainable online banking fraud prevention in accordance with FFIEC guidelines using the IBM Security cybercrime prevention architecture.