Skip to main content
OCC Flag

An official website of the United States government

OCC Bulletin 2014-13 | April 2, 2014

Cyber Attacks on Financial Institutions' Automated Teller Machine and Card Authorization Systems: Joint Statement

To

Chief Executive Officers of All National Banks, Federal Branches and Agencies, Federal Savings Associations, Technology Service Providers, Department and Division Heads, All Examining Personnel, and Other Interested Parties

Summary

The members of the Federal Financial Institutions Examination Council (FFIEC)1 today issued a joint statement to notify financial institutions of a large-dollar-value automated teller machine (ATM) cash-out fraud characterized as Unlimited Operations by the U.S. Secret Service. The members are aware of a recent increase in cyber-attacks on financial institutions launched in connection with this fraud to gain access to, and alter the settings on, ATM Web-based control panels used by small-to-medium-sized financial institutions.

Highlights

The members of the FFIEC expect financial institutions to take steps to mitigate this threat by ensuring that

  • each institution’s and service provider’s management of enterprise risk addresses this type of threat in its risk assessment process, and
  • controls associated with institution’s information technology networks, card issuer authorization systems, systems that manage ATM parameters, and fraud detection and response processes are reviewed for adequacy against this threat.

Note for Community Banks

Community banks with ATMs should work closely with their service providers and ensure that the providers are taking appropriate action to mitigate this risk.

Further Information

Questions regarding the FFIEC statement should be directed to the OCC’s Bank Information Technology Division at (202) 649-6340.

 

Carolyn G. DuChene
Deputy Comptroller for Operational Risk

Related Links

1  The FFIEC members include the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the State Liaison Committee, and the Consumer Financial Protection Bureau.