Insights

New Fraud Prevention Expectations From The FFIEC

With an increasing number of cyber-attacks on financial
institutions, theres a need for higher expectations for banking institutions
and how they should mitigate risks regarding ATM cash-out schemes. In a recent press release, the FFIEC
announced they are issuing statements to notify financial institutions of the
risks associated with cyber-attacks on ATMs and card authorization systems.

Fraudsters attack financial institutions to gain access to
the settings of web-based ATM control panels of small to medium-sized
institutions. This enables them to withdraw funds beyond the cash balance in
customer accounts or beyond other control limits typically applied to ATM
withdrawal.

The FFIEC expects all financial institutions to address
these threats by reviewing the efficiency of their controls over IT networks,
card issuer authorization systems, and ATM usage parameters and fraud detection
processes. These updates from the FFIEC are being made to help make banking
institutions aware of ongoing trends. Its a good reminder about ongoing risks
and fraud prevention.

The FFIEC recommends institutions do the following:

  • Routinely conduct information security risk
    assessments
  • Perform security monitoring, prevention, and
    risk mitigation
  • Protect against unauthorized access
  • Implement and test controls around critical
    systems regularly
  • Participate in security awareness and training
    programs
  • Test incident response plans
  • Participate in industry forums

We recommend taking time to make sure your hardware security
modules are in place, passwords are secure, and your fraud prevention
solution
is up to par. Revisit the basics and add layers of security where
necessary.

[Contributed by EVS Marketing]

Explore more articles