Board of Governors of the Federal Reserve System, Div. of Banking Supervision and Regulation, Interagency Guidance on Authentication in an Internet Banking Environment (SR Letter 05-19) (Oct. 13, 2003) (full-text).
This guidance specifically addresses the need for risk-based assessments, customer awareness, and security measures to reliably authenticate customers accessing financial institutions' Internet-based services. The guidance also emphasizes that the agencies consider single-factor authentication, if it is the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.
This guidance applies to both retail and commercial customers and does not endorse any particular technology. Financial institutions should use this guidance when evaluating and implementing authentication systems and practices whether they are provided internally or by a technology service provider. Although this guidance is focused on the risks and risk management techniques associated with the Internet delivery channel, the principles are applicable to all forms of electronic banking activities.