Enable Rapid Compliance With NCUA Requirements with SecureAuth’s Identity Enforcement Platform

Federally Insured Credit Unions are increasingly offering a variety of Internet banking services ranging from simple inquiry to complex e-Commerce activities for their members. In parallel, the number of members using transactional sites grew significantly. As e-Commerce services increase in volume and complexity, criminals are using more sophisticated methods for account fraud and identity theft. As such, the National Credit Union Administration (NCUA) strongly recommends that credit unions should become more diligent to safeguard member information, to prevent money laundering and terrorist financing, to reduce fraud, and to inhibit identity theft. One of the effective security measures to mitigate these risks is to implement an effective and reliable authentication system.

On November 5, 2005 the NCUA issued a letter stating that a single-factor authentication such as user name and password used as a security control mechanism may not be adequate for high-risk transactions involving access to member information or fund transfers. To assist credit unions’ efforts in implementing an appropriate authentication system, the NCUA and other Federal Financial Institutions Examination Council (FFIEC) member agencies developed the following authentication guidance:

Member Account Authentication

Where the risk assessment indicates that the use of single-factor authentication is inadequate for the types of services period, credit unions should employ multifactor authentication, layered security, or other controls.

Monitoring and Reporting

Credit Unions should have policies and procedures in place that adequately monitor the system access. If an organization detects unauthorized access to applications and members’ accounts, it is to be reported to local law enforcement and the NCUA Regional Director.

SecureAuth Delivers Secure, Simple Access that Meets or Exceeds NCUA Requirements

SecureAuth is an Identity Enforcement Platform (IEP) that secures and simplifies access to every cloud, VPN, and web resource from the office, or remotely from mobile devices with integrated Authentication, SSO, and IdM Services. SecureAuth enables rapid compliance with NCUA recommendations while solving the problem of distributing “the something you have” through proven, non-intrusive technologies. The key to the SecureAuth solution is the utilization of the user’s browser as the second form of identification. By securely registering the user’s browser, SecureAuth is able to create second form of identification without forcing the user to install software or to carry a token. Registering the browsers is no easy task! SecureAuth removes the burden of registration through secure out-of-band channels including Mobile SMS One Time Password, Telephony Audio One Time Password, E-Mail One Time Password, Knowledge Based Authentication, Help Desk Phone Number and a Static PIN. In addition, Secure Auth supports customer selected images that must be identified from a pool of images when a user enters the site.

SecureAuth doesn’t require APIs or application modifications. With SecureAuth, an administrator determines the level of authentication required and only one set of authentication credentials is needed to support web, desktop and VPN resources. And your authentication credentials are securely stored on-premise in Microsoft Active Directory or other industry leading directories.

SecureAuth NCUA Compliance Checklist

NCUA Requirement	SecureAuth Feature	SecureAuth Benefit
Second form of authentication	Drag & Drop Authentication Options: User ID + 2nd Factor; UserID + 2nd Factor + Password; UserID + Certificate; UserID + Certificate + Password; UserID + 2nd Factor + Certificate	Map the authentication method that provides the appropriate level of security for the risk associated with financial products, accounts and transactions.
Monitoring and Reporting	User management logs and authentication Trials	Comprehensive history and audit Trial supports ongoing audit requirements
Additional Capabilities to Meet or Exceed NCUA Requirements
Knowledge-based authentication	Create and store secret questions and answers	User authentication and mutual authentication capabilities of the SecureAuth IEP Platform leverage knowledge-based authentication to increase consumer confidence in online banking.
Mutual authentication	Image or message authentication for site validation	Verifies the customer’s identity to the bank, and the web site’s authenticity to the customer so customers know that they are on a genuine financial services site before entering any sensitive information.

SecureAuth 2-factor authentication is one of many functions of the SecureAuth Identity Enforcement Platform which provides Identity Enforcement plus SSO, access and user management services in a single solution.

To learn why SecureAuth Corporation is the ideal choice to provide deployable, cost effective, and scalable solutions that meet financial services institutions’ online security requirements as well as meeting NCUA regulatory guidelines, check out SecureAuth IEP in more detail.