Countdown to FFIEC Fitness: As Authentication Deadline Nears, Banks Consider All Options
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
Like early birds with worms, banks that began to revamp their online authentication process prior to regulatory prodding have been validated by the powers that be and are in a relaxed state of waiting. Zions Bank, for one, opted to beat any mandates related to the Federal Financial Institutions Examination Council's strong authentication guidance, dated October 2005 and with an action date of January 2007. The Utah-based regional powerhouse had begun thinking about the issue a year and a half ago, says Lee A Carter, president of online banking for Zions. It was done because it is the right thing to do, the executive says simply. Opting for a device-profiling solution, Zions launched its enhanced front door, after extended fanfare and customer education on July 20. Vasco, with U.S. offices in Chicago, is the largest global provider of authentication, and as such, is familiar with other early adopters. Adam Dolby, business development manager, financial sector, indicates clients that include ABN Amro, Sovereign, and Wachovia all say, it on, when it comes to prospect of facing more demanding examiners. is really a global issue, says Dolby. It's been interesting to see the use of improved authentication methodology and software migrate from Europe and Canada to Asia and now--largely because of FFIEC--to the U.S., he explains. FFIEC confusion Now, with a December 30 deadline on matters related to authentication closing in, it's time for the laggards to get in the groove. The question is, how best--and how exactly--to supplement the lowly, now largely discredited, password? There are many options, even too many, to choose among. Meanwhile, some confusion still exists about what is actually required even as most experts believe that what a guidance-related project can't be is significantly underdone at the dawn of 2007. Still, the penalties aren't yet clear and rumors are circulating of an extended grace period throughout next year. Against this backdrop, banks are figuring out how to proceed. Banks are on a measured course of action with this, notes Beth Robertson, research director with Gartner, Stamford Conn. She admitted surprise at the attendance levels at June conferences and webinars that discussed preparation for FFIEC guidance. Robertson notes that most institutions are still figuring out what will be best for their needs, target markets, and transaction risk profiles. Even though Zions is good on the authentication front, for example, executives there are already thinking about what else needs to be done to protect riskier transactions, according to Carter. Dennis Maicon, vice-president, Digital Resolve, Norcross, Ga., also sees bankers (particularly from the larger institutions) thinking through the security issues and broader requirements only obliquely referred to by the guidance, which, admittedly, dovetails with the company's 360 degree marketing message. Among my perspective customers, the thinking is, this is also an opportunity to address fraud comprehensively, Maicon explains. This would include the ability to monitor channel activity and stop suspect transactions, for instance, while creating audit trails useful for reporting purposes and for working with authorities when the inevitable investigation arises. Gartner's Robertson agrees that most banks want to solve root issues of transaction and data protection as well as address multiple potential avenues of fraud. But she points out, anything that gets re-engineered has to also be financially feasible and make sense in terms of the institution's net risk profile. We bring this up because there are many who say that too much emphasis is at the front-door, mostly due to a misinterpretation of what FFIEC's authentication guidance suggests more broadly about how to best engineer online security. Instead, these advocates believe, the emphasis ought to be on increasing consumer confidence in the channel and, in fact, making it safer. …
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.001 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.000 |
| Science and technology studies | 0.001 | 0.000 |
| Scholarly communication | 0.002 | 0.001 |
| Open science | 0.000 | 0.000 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.002 | 0.001 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it