

For banks offering Internet-based financial services, the guidance describes enhanced authentication methods that banks are expected to use when authenticating the identity of customers using the on-line products and services. Financial institutions were expected to achieve compliance with the guidance by year-end 2006.
The FFIEC guidance states that single-factor authentication is not sufficient and requires additional authentication be applied to online transactions.
PhoneFactor enables rapid compliance with FFIEC recommendations. By using a device that customers already have (their phone) as a second factor of authentication, PhoneFactor can quickly be deployed to secure all online logins or just high-risk transactions.
The PCI DSS requirements explicitly require two-factor authentication for remote access to the merchant’s network as defined in requirement 8.3. The requirement states that merchants must implement two-factor authentication for remote access to the network by employees, administrators, and third parties.
PhoneFactor offers instant integration with virtually any VPN or remote access platform. Active Directory synchronization and user self-enrollment features make it easy to deploy to all of your users, including remote and off-site employees or partners. There are no tokens or other devices to deploy or manage.
Administrative Simplification (AS) provisions of Title II of HIPAA specifically require that national standards for electronic health care transactions be established. The Administrative Simplification provisions also address the security and privacy of health data.
It is generally recognized that strong authentication is required for remote access to systems and networks containing health data. PhoneFactor is easy for IT departments to deploy and easy for health care professionals to use, so it can be quick and cost-effective to set up and maintain.
In 1998, Congress amended the Rehabilitation Act to require Federal agencies to make their electronic and information technology accessible to people with disabilities. Section 508 was enacted to eliminate barriers in information technology and create new opportunities for people with disabilities using technologies that will help achieve stated goals. The law applies to all Federal agencies when they develop, procure, maintain, or use electronic and information technology. Under Section 508 (29 U.S.C. § 794d), agencies must give disabled employees and members of the public access to information that is comparable to the access available to others.
Phone technologies have shown their ability to adapt to the needs of the disabled community. PhoneFactor’s integrated use of phone systems allows local and federal entities to successfully implement Section 508 protocols and facilitate the use of multi-factor authentication for able and disabled persons when accessing critical information systems.
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) is a US law that includes provisions to help reduce identity theft. New Red Flag rules (sections 114 and 315 of FACTA) require financial institutions to develop and implement an Identity Theft Prevention Program in connection with both new and existing accounts. The Program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft. The deadline for compliance with the Red Flag Rules was November 2008.
PhoneFactor’s primary function is to prevent unauthorized access to sensitive data and systems that could be used to perpetrate identity theft. PhoneFactor also provides a unique form of detection. Because the PhoneFactor authentication is generally performed after a correct user name and password have been provided, if a user receives a PhoneFactor call when they are not logging in, it means that their user name and password have been compromised. The user can immediately submit a Fraud Alert from the phone menu, which locks their account and notifies the company’s detection team.