On April 2, 2014 the Federal Financial Institutions Examination Council (FFIEC) released a statement related to cyber-attacks on financial institutions’ ATM and Card Authorization Systems. The FFIEC statement notes that there has been an increase in cyber-attacks launched to gain access to and modify the settings on ATMs.
The attacks typically begin with the criminals gaining access to web-based ATM control panels, which allows them to access customer card information. Once the customer card information is available, criminals use the card information to create fraudulent cards and personal identification numbers (PINs). The fraudulent cards and PINs can then be used to withdraw funds from ATMs.
Financial institutions that issue debit, prepaid or ATM cards may face a variety of risks from unlimited operations including operational risks, fraud losses, liquidity and capital risks, depending on the size of the institution and the losses incurred, and reputation risks. Financial institutions that outsource their card issuing function to a card processor may initially be liable for losses even if the compromise occurs at the processor.
Opportunities exist within an organization to minimize the risks of cyber-attacks on ATM and card authorization systems.
For more information on this topic, or to learn how Baker Tilly banking specialists can help, contact our team.