Federal Financial Institutions Examination Council

April 2, 2014

For Immediate Release

Financial Regulators Release Statements on Cyber-Attacks on Automated Teller Machine and Card Authorization Systems and Distributed Denial of Service Attacks

The Federal Financial Institutions Examination Council (FFIEC) members are issuing statements to notify financial institutions of the risks associated with cyber-attacks on Automated Teller Machine (ATM) and card authorization systems and the continued distributed denial of service (DDoS) attacks on public-facing websites. The statements describe steps the members expect institutions to take to address these attacks and highlight resources institutions can use to help mitigate the risks posed by such attacks.

Cyber-attacks on financial institutions to gain access to, and alter the settings on, Web-based ATM control panels used by small- to medium-sized institutions are on the rise. The members expect financial institutions to take steps to address this threat by reviewing the adequacy of their controls over information technology networks, card issuer authorization systems, ATM usage parameters, and fraud detection processes. In addition, the members expect financial institutions to have effective response programs to manage this type of incident.

The members also expect financial institutions to address DDoS readiness as part of their ongoing information security and incident plans. More specifically, each institution is expected to monitor incoming traffic to its public website, activate incident response plans if it suspects that a DDoS attack is occurring, and ensure sufficient staffing for the duration of the attack, including the use of pre-contracted third-party servicers, if appropriate.

The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms, and to promote uniformity in the supervision of financial institutions. The Council has six voting members: a Governor of the Board of Governors of the Federal Reserve System, designated by the Chairman of the Board; the Chairman of the Federal Deposit Insurance Corporation; the Chairman of the Board of the National Credit Union Administration; the Comptroller of the Currency; the Director of the Consumer Financial Protection Bureau; and the Chairman of the State Liaison Committee. The Council's activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.

###

Attachments:

Cyber-attacks on Financial Institutions’ ATM and Card Authorization Systems (PDF)
Distributed Denial-of-Service (DDoS) Cyber-Attacks, Risk Mitigation, and Additional Resources (PDF)

Media Contacts:

CFPB: Sam Gilford, (202) 435-7673
FDIC: Greg Hernandez, (202) 898-6984
Federal Reserve: Susan Stawick, (202) 452-2955
NCUA: John Fairbanks, (703) 518-6336
OCC: Stephanie Collins, (202) 649-6870
SLC: Catherine Woody, (202) 728-5733

Last Modified: 04/15/2020 11:10 AM