NCUA Letters to credit unions address electronic security

WASHINGTON – NCUA recently issued two Letters to Credit Unions dealing with securing transactions in cyber space. In a letter focused on authentication in electronic banking, NCUA advised CUs to review authentication guidance recently issued by the Federal Financial Institutions Examination Council (CU Times, August 22). “Member interaction with credit unions is migrating from paper-based transactions to remote electronic access and transaction initiation. This migration increases the risk of doing business with unauthorized or incorrectly identified parties that could result in financial loss or reputation to the credit union,” NCUA stated in the letter. To mitigate this risk, NCUA stated that “an effective authentication program should be implemented across a CU’s operations and the level of authentication used in a particular application should be appropriate to the level of risk in that application.” Methods outlined by the FFIEC for doing this, and echoed by NCUA, include the following: * An enterprise-wide assessment of the risk posed by the CU’s electronic banking systems; * Utilizing reliable methods to verify the identity of members during the account origination process, and authenticating members before granting access to online banking; * Authentication system should include auditing and monitoring features that can help detect fraud; * The CU’s authentication process should be reviewed periodically in light of changing or new risks. In another letter to CUs, NCUA focused on helping CUs develop a written security program as mandated by NCUA Rules and Regulations Part 748. NCUA stressed that the size of a CU isn’t a factor in securing electronic data. “Regardless of the size of your credit union, you must address the security of its systems and the data which resides on, or is transmitted across, those systems. Two credit unions of significantly different asset sizes, which provide services via the Internet, face and must deal with the same risks associated with that service,” NCUA stated. [email protected]