IT Examiner School - Oct 2023

Internal Use Only

Customer Remote Access to Financial Services • Firms should implement appropriate authentication techniques commensurate with the risk from remote banking activities • Remote access controls should also include some combination of:  Application timeouts with mandatory re-authentication  Fraud detection & monitoring systems  Dual customer authorization through different access devices  Positive pay, debit blocks & other techniques to limit transactions  Transactional value limits, restrictions on adding payment recipients  Account maintenance controls • Customer education can also be used to mitigate risk

57

Internal Use Only

Patch Management

58