
Banks losing millions to new wave of ATM hacks - FFIEC

03 April 2014

US regulators have warned banks to protect their automated teller machines and card authorisation systems from a fresh wave of cyber-attacks that seek to exploit ATM control weaknesses to spew out millions of dollars in fraudulent withdrawals.

The Federal Financial Institutions Examination Council is alerting banks to an alarming rise in ATM fraud dubbed 'Unlimited Operations' by the Secret Service, where criminals are able to withdraw funds beyond the cash balance in customer accounts or beyond other control limits typically applied to cash machine withdrawals.

Criminals perpetrate the fraud by initiating cyber-attacks to gain access to Web-based ATM control panels, which enables them to withdraw customer funds from ATMs using stolen customer debit, prepaid, or ATM card account information.

The FFIEC says a recent Unlimited Operations attack netted over $40 million in fraud using only 12 debit card accounts.

"Unlimited Operations may cause financial institutions to incur large dollar losses," says the watchdog. "Therefore, the (FFIEC) members expect financial institutions to take steps to address this threat by reviewing the adequacy of their controls over their information technology networks, card issuer authorisation systems, systems that manage ATM parameters, and fraud detection and response processes."

The FFIEC is also calling on banks to step up their readiness to repel Distributed Denial of Service Attacks that aim to cripple public-facing Websites.

Says the regulator: "Each institution is expected to monitor incoming traffic to its public Website, activate incident response plans if it suspects that a DDoS attack is occurring, and ensure sufficient staffing for the duration of the attack, including the use of pre-contracted third-party servicers, if appropriate."


Comments: (4)

Alexander Peschkoff - TEDIPAY - London | 03 April, 2014, 11:33

It's about "the weakest link"...

Cardless ATMs (with out-of-bound authentication via the phone) is the future. Most importantly, no h/w change is needed at all on the ATM level.

Andrew Smith - CloudZync - London | 03 April, 2014, 17:11

There are some great proof of concept solutions to remove cards from ATM using mobile and more....This is for sure the future.

A Finextra member | 04 April, 2014, 07:27

If the ATMs didn't accept magstripe, the crims wouldn't be able to clone cards. And ... if financial institutions weren't forced to over-resource the ever increasing demands of PCI and the protection of the PAN, perhaps they could pay more attention to the vulnerabilities of the ATM control network. Chip and PIN is the future!

Alexander Peschkoff - TEDIPAY - London | 04 April, 2014, 08:36

C&P requires ATM change and is still vulnerable to a degree. Cardless cash withdrawal allows to use ANY existing ATM. That approach excludes non-smartphone users, but with prices below $100 those will be few and far between. One can still attack cardless ATMs via "inside job", but that's another story...