FFIEC: Cyber Attacks on the Rise; Financial Institutions Need to be Alert
Thursday, April 3, 2014 7:00 AM

Cyber-attacks on financial institutions to gain access to, and alter the settings on, Web-based ATM control panels used by small- to medium-sized institutions are on the rise, and the Federal Financial Institutions Examination Council (FFIEC) says financial institutions need to be alert.

Yesterday, the FFIEC issued a statement notifying financial institutions of the risks associated with cyber-attacks on Automated Teller Machine (ATM) and card authorization systems and the continued distributed denial of service (DDoS) attacks on public-facing websites. The statement describes steps financial institutions should take to address these attacks, and highlights resources institutions can use to help mitigate the risks posed by such attacks.

Financial institutions, the FFIEC says, should review the adequacy of their controls over information technology networks, card issuer authorization systems, ATM usage parameters, and fraud detection processes. In addition, the members expect financial institutions to have effective response programs to manage this type of incident.

The FFIEC also expects financial institutions to address DDoS readiness as part of their ongoing information security and incident plans. More specifically, each institution is expected to monitor incoming traffic to its public website, activate incident response plans if it suspects that a DDoS attack is occurring, and ensure sufficient staffing for the duration of the attack, including the use of pre-contracted third-party servicers, if appropriate.


Helpful Resources: Financial & Technology Resources available through Credit Union Resources. A wealth of services is available, including:

  • Security Risk Assessment: Evaluate the risk of compromising member information in fulfillment of the NCUA Regulation 748 Appendix A and B to include physical, administrative, and technical security.
  • TR-39 ATM PIN Security Audit (Previously known as a TG-3 PIN Audit): Certified CTGA auditor performs audit focusing on security practices throughout all six phases of the encryption key life cycle: Generation, Distribution, Storage, Usage, Destruction, and Compromise. The evaluation is in fulfillment of the even-numbered year audit requirements by the 3 ATM network processors PULSE, STAR, and NYCE.
  • Security Risk Assessment and Policy & Program Annual Review: Detailed review of the 26 elements associated with the Risk Assessment and Policy & Program in fulfillment of the NCUA Regulation 748 annual review requirements.
  • Network Vulnerability Assessment Testing: Assess current Internet connections to identify points of weakness that leave the credit union exposed to external threats that may result from hackers, network viruses, and more. Testing is in fulfillment of NCUA’s Letter to Credit Unions, eCommerce Guide to Credit Unions 02-CU-17.
  • Systems Maintenance: This service will help ensure the healthy and efficient performance of your computers and network. We will securely connect to your network and apply all needed software updates and antivirus/anti-spyware updates, perform disk cleanup and disk defragmentation tasks, and review event logs to proactively identify potential issues.