Gartner Inc. analyst Avivah Litan estimated that no more than 20 percent of U.S. banks are in compliance now. "Many banks didn't take this very seriously early on," she said. "The usual questions I was getting were, 'How serious is this?' and 'What do the regulators want?' "

Litan added, though, that much of the confusion appears to be dissipating as the deadline gets closer and more banks begin to complete their risk assessments and figure out what kind of strengthened authentication approaches they should take.

Many banks have contacted federal regulators to make sure that the strong authentication measures they plan to implement will meet the FFIEC's guidelines, said Chris Young, senior vice president of RSA's consumer solutions division. "I don't, at this point, see a lot of head-scratching around what the best approach needs to be," he added.

But Jonathan Eber, a senior product manager at P&H Solutions Inc. in Boston, said he's still seeing a spectrum of attitudes toward the FFIEC guidelines. P&H sells software and services for linking banks with corporate customers.

About 35 percent of the banks that the company works with have "a sense of urgency about this," Eber said. "There is a middle part of the bell curve where people say, 'I know I have to do it, but I'll be in compliance by Q1 or Q2 of next year.' And there are some who say, 'This doesn't apply to me at all.'"