IT Examiner School, Seaside, CA

CATO Best Practices vs. FFIEC Authentication Guidance

• Requested by bankers and designed from recommendations of the banking industry

• Clearly outlines a serious threat that they are possibly unaware of and explains what actions need to be taken

• Goes beyond stating broad actions to take and includes detailed options and resources developed by community bankers for implementing the controls

CATO Summary

• CATO is a form of ID Theft in which cybercriminal gains control of a business’ or individual’s bank account by stealing the user IDs and other credentials a business/individual uses for on-line banking. • Banking institutions continue to suffer increasing losses tied to account takeover. • In the case of account takeover, the consumer, the end user, is the weakest link. Customer education is a key factor for success.