Since the guidelines were issued, many banks have added a second authentication layer for users when conducting certain kinds of online transactions. However, in many cases, the added measures have been largely cosmetic in nature and have done in the way the FFIEC had originally intended, Litan said.

"Obviously, some of the banks thought that it was enough if they simply added cookies or challenge/response-based authentication," Litan said. "What has happened is that the FFIEC has realized that some banks need to be told in black and white what they need to do."

The FFIEC did not immediately respond to Computerworld's requests for clarification on the purported release of the new guidelines.

News of the proposed revisions come amid growing concerns about the ability of cyber criminals to circumvent the existing authentication mechanisms used by banks for online transactions.

Over the past two years there have been a string of attacks, , by cyber criminals using stolen banking credentials to plunder corporate accounts.