By the end of 2006, U.S. banks were supposed to have implemented “strong authentication” for online banking. The most obvious way to meet the guidance would have been to issue one-time password devices or set up another form of two-factor authentication. A combination of device authentication, additional security questions and extra fraud controls doesn’t seem like a bad approach. But, almost six months past the FFIEC deadline, what are banks telling customers about online security? Here’s what I learned.”]
Source: https://www.csoonline.com/article/2121695/what-banks-tell-customers-about-their-online-security.html