Cyber-Attacks on ATM & Card Authorization Systems and DDoS

The Federal Financial Institutions Examination Council (FFIEC) issued a statements for financial institutions of the risks associated with cyber-attacks on Automated Teller Machine (ATM) and card authorization systems and the continued distributed denial of service (DDoS) attacks on public-facing websites. The statements describes steps institutions need to take to address these attacks and highlight resources institutions can use to help mitigate the risks posed by such attacks.

Cyber-attacks on small- to medium-sized financial institutions are on the rise. The FFIEC expects financial institutions to take steps to address this threat by reviewing the adequacy of their controls over information technology networks, card issuer authorization systems, ATM usage parameters, and fraud detection processes. In addition, the members expect financial institutions to have effective response programs to manage cyber attacks.

The members also expect financial institutions to address DDoS readiness as part of their ongoing information security and incident plans. More specifically, each institution is expected to monitor incoming traffic to its public website, activate incident response plans if it suspects that a DDoS attack is occurring, and ensure sufficient staffing for the duration of the attack, including the use of pre-contracted third-party servicers, if appropriate.

Cyber-attacks on Financial Institutions’ ATM and Card Authorization Systems (PDF)
Distributed Denial-of-Service (DDoS) Cyber-Attacks, Risk Mitigation, and Additional Resources

Contact Us

Have any questions? Send our team an email and we'll get back to you as soon as posible. *Warning: Do not send or include any information in any email generated through this web site if you consider the information confidential or privileged. By submitting information by email or other communication in response to this web site, you agree that the communication does not create a lawyer-client relationship between you and the law firm and its lawyers and that any information submitted is not confidential and is not privileged. You further acknowledge that, unless the law firm subsequently enters into a lawyer-client relationship with you, any information you provide will not be treated as confidential and any such information may be used adversely to you and for the benefit of current or future clients of the law firm.

Start typing and press Enter to search