If you're part of a financial institution, chances are you've memorized the Federal Financial Institutions Examination Council (FFIEC) guidance chapter and verse, and, with risk assessment in hand, are in the midst of rolling out some form of consumer authentication. If yours is like most financial institutions, you approached FFIEC audits with a "good enough" mentality, meaning that whatever you install to protect people against online fraud and ID theft is better than what you had — and the less invasive to the consumer the better.