Since the 2012 deadline was set for financial institutions to adhere to the new FFIEC guidelines, banks have been taking steps to make sure they meet the security regulations. But with the New Year less than a week away, just how close are banks to complying? According to a Dec. 16th Credit Union Times article, roughly half of the banking institutions recently surveyed by Guardian Analytics say they are ready for the FFIEC guidance, which means a lot of banks are probably still scrambling to meet the approaching deadline.
In the Guardian’s FFIEC Online Banking Security Readiness Study, 84% of banks surveyed said they plan to invest in new technology to address the enhanced expectations. But while 57% of respondents said they have completed a risk assessment and 59% have devised a way to fill any online banking security gaps, only 43% have actually purchased solutions.
According to the report, one reason banks and credit unions aren’t fully prepared for the new guidelines may be an incomplete understanding of the minimum requirements around layered security and authentication. While the FFIEC’s Supplement to the Authentication has outlined how banks will soon be accountable for detecting and responding to suspicious activity and enhancing controls of administrative functions for business accounts, 41% of those surveyed were unable to identify anomaly detection and 56% were unable to identify enhanced controls.
On average, respondents ranked the level of protection as the top driver for choosing a technology solution, followed by customer convenience. For banks looking for an authentication solution that does both, the TrustID® network-based Physical Caller Authentication tool knocks both out of the park, while helping financial institutions meet the FFIEC’s multi-factor authentication paradigm for identifying customers, which recommends banks deploy at least two of the following categories for customer authentication:
1. “Something you know” (e.g., password, personal identification number [PIN], personally identifiable information [PII])
2. “Something you are” (e.g., fingerprint, retinal pattern, DNA)
3. “Something you have” (e.g., ID or ATM card, security token, telephone)
By invisibly detecting criminals before the call is picked up by a bank’s contact center IVR or agent, TrustID makes the telephone number a trusted “Something you have” credential for validating Caller ID and ANI. In doing so, TrustID also reduces the highly intrusive telephone interrogation practices required by knowledge-based authentication (KBA) solutions.
In other words, when it comes to enhancing the level of protection and improving the customer experience in all banking channels, including the telephone channel, TrustID provides a win-win proposition while helping banking institutions achieve new FFIEC guideline requirements for increased multi-factor authentication.