An official website of the United States government
OCC Bulletin 2014-13
April 2, 2014
Share This Page:
Chief Executive Officers of All National Banks, Federal Branches and Agencies, Federal Savings Associations, Technology Service Providers, Department and Division Heads, All Examining Personnel, and Other Interested Parties
The members of the Federal Financial Institutions Examination Council (FFIEC)1 today issued a joint statement to notify financial institutions of a large-dollar-value automated teller machine (ATM) cash-out fraud characterized as Unlimited Operations by the U.S. Secret Service. The members are aware of a recent increase in cyber-attacks on financial institutions launched in connection with this fraud to gain access to, and alter the settings on, ATM Web-based control panels used by small-to-medium-sized financial institutions.
The members of the FFIEC expect financial institutions to take steps to mitigate this threat by ensuring that
Community banks with ATMs should work closely with their service providers and ensure that the providers are taking appropriate action to mitigate this risk.
Questions regarding the FFIEC statement should be directed to the OCC’s Bank Information Technology Division at (202) 649-6340.
Carolyn G. DuChene
Deputy Comptroller for Operational Risk
1 The FFIEC members include the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the State Liaison Committee, and the Consumer Financial Protection Bureau.