Complete Story

FFIEC FIL-10-2014

ATM and Card Authorization Systems


  • Cyber-attacks on financial institutions for the purpose of gaining access to, and altering the settings on, ATM Web-based control panels used by small- to medium-sized institutions have increased.
  • Unlimited Operations are a category of ATM cash-out fraud in which criminals are able to extract funds beyond the cash balance in customer accounts or beyond other control limits typically applied to ATM withdrawals.
  • Financial institutions that issue debit, prepaid, or ATM cards may face a variety of risks from Unlimited Operations, including operational, reputation, fraud, liquidity, and capital risks.
  • Financial institutions should ensure that their risk management processes address the risks from these types of cyber-attacks consistent with the risk management guidance contained in the FFIEC IT Examination Handbook and applicable industry standards.

For the full article click the title >> ATM and Card Authorization Systems

Printer-Friendly Version