With an increasing number of cyber-attacks on financial
institutions, there's a need for higher expectations of banking institutions
and how they mitigate the risks of ATM cash-out schemes. In a recent press release, the FFIEC
announced it is issuing statements to notify financial institutions of the
risks associated with cyber-attacks on ATMs and card authorization systems.
Fraudsters attack small to medium-sized financial institutions to gain
access to the settings of their web-based ATM control panels. This enables
them to withdraw funds beyond the cash balance in
customer accounts or beyond other control limits typically applied to ATM
withdrawals.
The FFIEC expects all financial institutions to address
these threats by reviewing the efficiency of their controls over IT networks,
card issuer authorization systems, ATM usage parameters, and fraud detection
processes. These updates from the FFIEC are being made to help make banking
institutions aware of ongoing trends. It's a good reminder about ongoing risks
and fraud prevention.
The FFIEC recommends institutions do the following:
- Routinely conduct information security risk assessments
- Perform security monitoring, prevention, and risk mitigation
- Protect against unauthorized access
- Implement and test controls around critical systems regularly
- Participate in security awareness and training programs
- Test incident response plans
- Participate in industry forums
We recommend taking time to make sure your hardware security
modules are in place, passwords are secure, and your fraud prevention
solution is up to par. Revisit the basics and add layers of security where
necessary.
[Contributed by EVS Marketing]