Agencies Issue Denial of Service Guidance and Guidance on ATMs
Monday, April 7, 2014
Money
Print Mail Download i

On April 3, the members of the Federal Financial Institutions Examination Council (FFIEC), including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the State Liaison Committee and the Consumer Financial Protection Bureau (the Members) issued a joint statement to notify financial institutions of the risks associated with the continued distributed denial-of-service (DDoS) attacks and the steps that institutions are expected to take to address these attacks. The joint statement refers institutions to resources to help them mitigate the risks posed by such attacks.The Members  

expect financial institutions to address DDoS readiness as part of their ongoing information security and incident response plans. Each institution is expected to 

  • monitor incoming traffic to its public Web site,

  • activate incident response plans if it suspects that a DDoS attack is occurring and

  • ensure sufficient staffing for the duration of the attack, including the use of previously contracted third-party services, if appropriate.

Community banks “should ensure that their in-house information technology units or their service providers are taking appropriate action to mitigate this risk.”

Further, the Members issued a joint statement to notify financial institutions of a large-dollar-value automated teller machine (ATM) cash-out fraud characterized as Unlimited Operations by the US Secret Service. The Members “are aware of a recent increase in cyber-attacks on financial institutions launched in connection with this fraud to gain access to, and alter the settings on, ATM Web-based control panels used by small-to-medium-sized financial institutions.”

The Members 

expect financial institutions to take steps to mitigate this threat by ensuring that

  • each institution’s and service provider’s management of enterprise risk addresses this type of threat in its risk assessment process and

  • controls associated with institution’s information technology networks, card issuer authorization systems, systems that manage ATM parameters, and fraud detection and response processes are reviewed for adequacy against this threat.

Community banks with ATMs “should work closely with their service providers and ensure that the providers are taking appropriate action to mitigate this risk.”

Read more.

©2024 Katten Muchin Rosenman LLP

Current Legal Analysis

More from Katten

SEC Stays Climate Disclosure Regulations in Response to Consolidated Eighth Circuit Challenges
by: Farzad F. Damania , Ryan A. Lilley
UK HMT Publishes Policy Paper on its Approach to Designation of Critical Third Parties
by: Nathaniel W. Lalone , Ciara McBrien
UK FCA Publishes Guidance on Social Media Financial Promotions
by: Neil Robson , Carolyn H. Jackson
FCA Proposes ‘New’ Option for Investment Research Payments – Back to Bundled Payments?
by: Neil Robson , Sara Portillo
Tennessee Expands Right-of-Publicity Statute to Cover AI-Generated Deepfakes
by: Amelia E. Bruckner
NYDFS Cybersecurity Regulation Deadlines Approaching on April 15 and April 29
by: Trisha Sircar
Cybersecurity Administration of China Issues Relaxed Rules for Cross-Border Data Transfers
by: Trisha Sircar
TMA Chicago Midwest Podcast Hosted by Paul Musser | Judge Timothy A. Barnes on Bankruptcy Trends and His Path to the Bench [Podcast]
by: Paul T. Musser
New York Attorney General Sues JBS for Alleged Greenwashing
by: Christopher A. Cole
Third Circuit Says Statutory Trusts are ‘Covered Persons' Under Consumer Financial Protection Act
by: Chris DiAngelo , Christina Grigorian

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins