Deploy MFA Security for FTC Safeguards Rule in a Snap

Get compliant fast with Duo’s multi-factor authentication (MFA) solution. The Federal Trade Commission (FTC) Safeguards Rule protects consumer data and how it is accessed and stored. Operating as a part of the Gramm-Leach-Bliley Act (GLBA), the Safeguards mandate must be followed by any institution handling consumer financial transactions online.

The FTC Safeguards Rule explicitly mandates multi-factor authentication (MFA) as a technical requirement for FTC compliance. The rule states that **all affected organizations must implement this safeguard by June 9, 2023.**

The good news: If you haven’t implemented MFA or other mandated protection yet, there’s still time. And we can help.

FTC Compliance Guide

What is FTC Compliance?

For Non-Financial Institutions, It Means Strong Protections

FTC compliance now requires non-financial institutions that handle customer data and transactions online to:

  • Ensure the security and confidentiality of customer information

  • Safeguard against threats that could put that information at risk, and

  • Prevent unauthorized access to customer information

For instance, without a robust access management environment that includes strong MFA, you could leave your organization vulnerable to phishing campaigns that target busy or distracted employees and partners, leading them to download malware that can compromise your data. (In fact, attackers now are bypassing weaker MFA solutions to take advantage of gaps in their security. This makes strong MFA a must.)

Who Must be FTC Compliant?

Non-financial institutions covered in the rule include mortgage lenders, payday lenders, auto dealerships, travel agencies, real estate appraisers, credit card retailers, finance companies, account servicers, check cashers, wire transferors, collection agencies, credit counselors and other financial advisors, tax preparation firms, non-federally insured credit unions, and some investment advisors. Explore FTC Compliance for Auto Dealerships.

What are FTC Violations?

FTC violations are failures to implement and maintain the mandates of the FTC Safeguards Rule, such as regular monitoring and risk assessments, regular testing of safeguards, oversight of service providers, prevention of unauthorized access to data, and more. Depending on the size of your organization and the volume and nature of the data you need to protect, compliance measures may require time, resources, and investment.

But FTC violations come at an even greater cost: Once fines and penalties, lawsuits, and loss of business and brand damage are factored in, non-compliance costs on average amount to $14.8 million per incident. Some violations can even result in prison time if executives, directors, or other stakeholders are convicted of criminal negligence.

Duo Helps You Stay Compliant

Duo has a long history of working with customers that operate in strict regulatory environments. Duo can help protect credentials and enforce device and access policies that make sure only the right users have access to the right data. Duo also helps organizations like yours meet a range of compliance requirements, including the FTC Safeguards Rule, other GLBA mandates, PCI DSS, GDPR, NIST, ISO 27001, SOC2, EPCS, HIPAA, CCPA, FFIEC, and more. Read about Duo and compliance.

Get MFA Up and Running in Minutes

Worried about the FTC Safeguards deadline? Don’t be. You can quickly meet compliance deadlines with Duo. As a cloud-based solution, Duo easily integrates with your infrastructure and can be rolled out enterprise-wide. This includes integrations for more than 200 applications. Duo also supports secure access to cloud-based, on-premises and custom applications, VPNs, servers, and more. Applications can be set up in minutes. In fact, even large organizations often deploy Duo in weeks, not months or years.

Easy to Use, With Versatile Authentication Methods

Here’s more good news: Duo is easy to use. We’ve designed the Duo login process to be simple for all users, without compromising productivity. Flexible authentication methods such as push notifications, tokens, biometrics, and more allow users to choose the best fit for their workflow. Duo Push allows employees to authenticate with just one tap on a smartphone app, making access security more frictionless than ever. 

Duo Incorporates Zero Trust Principles

Looking to implement zero trust? Duo makes cybersecurity simple while helping you build a zero trust foundation. With Duo, organizations can improve workforce mobility and increase visibility into all devices. Block risky access attempts by defining contextual policies to allow only authorized users. Enforce screen lock and encryption with self-service resolution. Eliminate multiple authentication sessions with Duo SSO (single sign-on) and reduce passwords with Duo Passwordless authentication.

Get a free trial of Duo.
