Layered Security


Your credit union uses both single-factor and multifactor authentication, as well as additional “layered security” measures when appropriate. Layered security is characterized by the use of different controls at different points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control. This allows your credit union to authenticate members and respond to suspicious activity at initial login, and then to reconfirm that authentication later when further transactions involve the transfer of funds.

For business accounts, layered security often includes enhanced controls for system administrators who are granted privileges to set up or change system configurations, such as setting access privileges and application configurations and/or limitations.


The new supervisory guidance offers ways your credit union can look for anomalies that could indicate fraud. The goal is to ensure that the level of authentication called for in a particular transaction is appropriate to the level of risk in that application. Accordingly, your credit union has concluded a comprehensive risk assessment of its current methods as recommended in the FFIEC guidelines. These risk assessments consider, for example:

  • changes in the internal and external threat environment
  • changes in the member base adopting electronic banking
  • changes in the member functionality offered through electronic banking
  • actual incidents of security breaches, identity theft, or fraud experienced by the institution or industry.