The Federal Financial Institutions Examination Council (FFIEC) members have warned banks against an automated teller machines (ATM) fraud called ‘Unlimited Operations’, which could attack their ATMs and card authorisation systems and result in huge fraudulent withdrawals.
According to FFIEC, the new cyber attack allows criminals to withdraw funds beyond the cash balance from customers’ accounts.
Go deeper with GlobalData
They initially gain access to Web-based ATM control panels and then use stolen customer debit, prepaid or ATM card account information to withdraw funds beyond the control limits.
A recent Unlimited Operations attack resulted in over $40m loss using only 12 debit card accounts.
FFIEC said the FFIEC members expect financial institutions to take steps to address this threat by reviewing the adequacy of their controls over their information technology networks, card issuer authorisation systems, systems that manage ATM parameters, and fraud detection and response processes.
"Each institution is expected to monitor incoming traffic to its public Website, activate incident response plans if it suspects that a DDoS attack is occurring, and ensure sufficient staffing for the duration of the attack, including the use of pre-contracted third-party servicers, if appropriate," FFIEC added.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalData
