New Fraud Prevention Expectations From The FFIEC

  • Fraud Prevention

With an increasing number of cyber-attacks on financial institutions, theres a need for higher expectations for banking institutions and how they should mitigate risks regarding ATM cash-out schemes. In a recent press release, the FFIEC announced they are issuing statements to notify financial institutions of the risks associated with cyber-attacks on ATMs and card authorization systems.

Fraudsters attack financial institutions to gain access to the settings of web-based ATM control panels of small to medium-sized institutions. This enables them to withdraw funds beyond the cash balance in customer accounts or beyond other control limits typically applied to ATM withdrawal.

The FFIEC expects all financial institutions to address these threats by reviewing the efficiency of their controls over IT networks, card issuer authorization systems, and ATM usage parameters and fraud detection processes. These updates from the FFIEC are being made to help make banking institutions aware of ongoing trends. Its a good reminder about ongoing risks and fraud prevention.

The FFIEC recommends institutions do the following:

  • Routinely conduct information security risk assessments
  • Perform security monitoring, prevention, and risk mitigation
  • Protect against unauthorized access
  • Implement and test controls around critical systems regularly
  • Participate in security awareness and training programs
  • Test incident response plans
  • Participate in industry forums

We recommend taking time to make sure your hardware security modules are in place, passwords are secure, and your fraud prevention solution is up to par. Revisit the basics and add layers of security where necessary.


[Contributed by EVS Marketing]