If you're part of a financial institution, chances are you've memorized the Federal Financial Institutions Examination Council (FFIEC) guidance chapter and verse, and, with risk assessment in hand, are in the midst of rolling out some form of consumer authentication. If yours is like most financial institutions, you approached FFIEC audits with a "good enough" mentality, meaning that whatever you install to protect people against online fraud and ID theft is better than what you had — and the less invasive to the consumer the better.
Ahhhhh, the internet. We are hooked, and we better be prepared for the consequences. Real dollars are being lost, identities are being stolen, botnets are running rampant, consumer ATM cards are being compromised, spam is jamming our inboxes, the press is reporting stories that contribute to consumer cyber fears, and mankind again finds itself waging a protracted war — this time against internet insecurity.