THE SECURITY RISK IN THE EFT ENVIRONMENT IS CLASSIFIED INTO TWO PROBLEM AREAS -- IDENTIFICATION, AND PENETRATION OF THE VARIOUS SUBSYSTEMS. IN CONSIDERING THE PROBLEM AREA OF IDENTIFICATION, THERE IS A PRIMARY RESPONSIBILITY TO IDENTIFY THE USER OF THE EFT SYSTEM. THE CURRENT MECHANISM FOR IDENTIFICATION IS BASED ON A TWO-KEY ENTRY ACTIVATOR -- THE USE OF A PLASTIC CARD AND KNOWLEDGE OF A PERSONAL IDENTIFICATION NUMBER. THE SUBSYSTEMS ENDANGERED BY PENETRATION OR VIOLATION ARE: THE CARD, TERMINALS, COMMUNICATIONS LINKS, AND THE COMPUTER. IDENTIFICATION TECHNIQUES ARE DESCRIBED, AND THEIR RELATIVE COST AND RELIABILITY ARE DISCUSSED. ONE OF THE MOST POPULAR IDENTIFICATION TECHNIQUES -- USE OF A PLASTIC CARD -- IS DISCUSSED IN TERMS OF CARD SECURITY VULNERABILITY, COUNTERMEASURES, AND STANDARDS. THE VULNERABILITY OF DATA TRANSMISSION OPERATIONS IS DISCUSSED, AND COUNTERMEASURES ARE DESCRIBED. IN CONNECTION WITH DATA TRANSMISSION SECURITY, THE ENCRYPTION STANDARD OF THE NATIONAL BUREAU OF STANDARDS IS CONSIDERED. COMPUTER SECURITY IS ALSO DISCUSSED IN TERMS OF VULNERABILITY AND COUNTERMEASURES. APPENDIXES INCLUDE REFERENCES CITED AND A BIBLIOGRAPHY. (RCB)