The FFIEC is an interagency body set up to develop standards for the auditing of financial institutions. Although the council isn't mandating compliance with the authentication guidelines, it has said that banks will be audited against them starting next year.

Gartner Inc. analyst Avivah Litan estimated that no more than 20 percent of U.S. banks are in compliance now. "Many banks didn't take this very seriously early on," she said. "The usual questions I was getting were, 'How serious is this?' and 'What do the regulators want?' "

Litan added, though, that much of the confusion appears to be dissipating as the deadline gets closer and more banks begin to complete their risk assessments and figure out what kinds of strengthened authentication approaches they should take.

Many banks have contacted federal regulators to make sure the strong authentication measures they plan to implement will meet the FFIEC's guidelines, said Chris Young, senior vice president of RSA's consumer solutions division. "I don't, at this point, see a lot of head-scratching around what the best approach needs to be," he added.

But Jonathan Eber, a senior product manager at P&H Solutions Inc. in Boston, said he's still seeing a spectrum of attitudes toward the FFIEC guidelines. P&H sells software and services for linking banks with corporate customers.