
Fight Off Cyber and DDoS Attacks

Regulators expect institutions to take steps to address security threats.

August 6, 2014

ATM fraud

The Federal Financial Institutions Examination Council (FFIEC) agencies issued joint statements in April to notify financial institutions of the risks associated with cyber-attacks on ATM and card authorization systems, and the continued distributed denial of service (DDoS) attacks on public websites.

The statements describe steps the regulators expect institutions to take to address these attacks and highlight resources they can use to help mitigate the risks posed by such attacks.

‘Unlimited Operations’

The agencies warned institutions of a type of ATM cash-out fraud the U.S. Secret Service characterizes as “Unlimited Operations.”

This is a category of ATM cash-out fraud where criminals withdraw funds beyond the cash balance in consumers’ accounts or beyond other control limits typically applied to ATM withdrawals.

Criminals perpetrate the fraud by initiating cyberattacks to gain access to Web-based ATM control panels, which enables them to withdraw funds from ATMs using stolen debit, prepaid, or ATM card account information.

“Unlimited Operations” may cause financial institutions to incur large dollar losses. Therefore, regulators expect institutions to take steps to address this threat by reviewing the adequacy of their controls over their information technology networks, card issuer authorization systems, systems that manage ATM parameters, and fraud detection and response processes.

DDoS attacks

Regulators expect financial institutions to address DDoS readiness as part of ongoing information security and incident response plans. In accordance with regulatory requirements and the FFIEC Information Technology Handbook on Business Continuity Planning and Information Security, regulators expect institutions to take these steps:

  • Maintain an ongoing program to assess information security risk that identifies, prioritizes, and assesses the risk to critical systems, including threats to external websites and online accounts;
  • Monitor Internet traffic to the institution’s website to detect attacks;
  • Activate incident response plans and notify service providers as appropriate if the institution suspects that a DDoS attack is occurring. Response plans should include appropriate communication strategies with customers concerning the safety of their accounts;
  • Ensure sufficient staffing for the duration of the DDoS attack and consider hiring precontracted third-party servicers that can assist in managing the Internet-based traffic flow. Identify how the institution’s Internet service provider can assist in responding to and mitigating an attack;
  • Consider sharing information with organizations, such as the Financial Services Information Sharing and Analysis Center and law enforcement. Attacks can change rapidly, and sharing information can help institutions identify and mitigate new threats and tactics; and
  • Evaluate any gaps in the institution’s response following attacks and in its ongoing risk assessments. Adjust risk management controls accordingly.
