Protect online payments
In light of recent cyberattacks, the Federal Financial Institutions Examination Council is warning financial institutions of the need to actively manage risks associated with interbank messaging and wholesale payment networks.
The FFIEC posted a joint statement in June on its website urging financial institutions to conduct ongoing assessments of their ability to mitigate risks related to information security, business continuity and third-party provider management.
The statement did not contain new regulatory expectations. It was intended to alert financial institutions to cyberattacks exploiting vulnerabilities and unauthorized entry through trusted client terminals running messaging and payment networks. The FFIEC urged financial institutions to review their risk-management practices (including services provided to clients) and to refer to the appropriate FFIEC IT Examination Handbook booklets for guidance.
“Financial institutions should use multiple layers of security controls to establish several lines of defense,” according to the FFIEC statement. “Financial institutions should also ensure that their risk-management processes address the risk posed by compromised credentials.”
Financial institutions should use multiple layers of security controls to establish several lines of defense. Financial institutions should also ensure that their risk-management processes address the risk posed by compromised credentials.”
— Federal Financial Institutions Examination Council
The FFIEC is made up of principals of the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Consumer Financial Protection Bureau and State Liaison Committee.

Two Federal Reserve task forces are studying ways to improve payment speed and security.
Read More
To help mitigate risks, the FFIEC recommends financial institutions consider the following steps:
Conduct ongoing information security risk assessments. Financial institutions should maintain an ongoing information security risk-assessment program that considers new and evolving threat intelligence related to online accounts. In response to identified risks, institutions should then adjust customer authentication, layered security and other controls.
Perform security monitoring, prevention and risk mitigation. Financial institutions need to ensure protection and detection systems, such as intrusion detection systems and antivirus protection, are up-to-date and firewall rules are configured properly and reviewed periodically.
Protect against unauthorized access. The FFIEC said institutions should limit the number of credentials with elevated privileges, especially administrator accounts, and review access rights periodically to confirm approvals are still appropriate to the job function.
Implement and test controls around critical systems regularly. Institutions should ensure appropriate controls — such as access control, segregation of duties, audit, and fraud detection and monitoring systems — are implemented for systems based on risk.
Enhance information security awareness and training programs. The FFIEC said financial institutions should conduct regular, mandatory information security awareness training, including how to identify and prevent successful phishing attempts.
Participate in industry information-sharing forums. Information-sharing organizations can improve an institution’s ability to identify threats and attack tactics and to mitigate cyberattacks involving destructive malware to its systems.
Agency warns of cyberthreats to bank payment networks
article-down-arrow
© 2017 OnCourse Learning Corp. All rights reserved
Contact Us
20225 Water Tower Blvd. Brookfield, WI 53045
BACK TO TOP
More inside this guide
share-dots-shadowleft-arrowright-arrowright-arrow-3
hamburguer-icon-shadow
MENU
X
Contents
HOME
arrow
arrow
Prevent cyberattacks
Landing-524882074
Banks must take proactive steps to stay ahead of cybercriminals
landing-506789534
Phishing for trouble
Hackers use phishing emails to steal data, penetrate networks
arrow
landing-81178245
Banks face new cyber regs
New cybersecurity standards could affect large financial institutions
arrow
callout-619521204
Leading the way
New York establishes first-of-its-kind cybersecurity standards
arrow
Landiing-522152569
What you need to know
Ways financial institutions can identify and respond to cyberthreats
arrow
landing-483590337-_1_
Email fraud and cybercrime
Tips to identify red flags and respond to email and cyberthreats
arrow
Landing-474096848
Understand the threats
Learn ways financial institutions can mitigate cyber risks
arrow
landing-518856699
Reduce cyber risk
OnCourse Learning webinar focuses on cybersecurity issues
arrow
Landing-639086112
Choose the right vendor
Financial institutions can be held responsible for vendor tech failures
arrow
ThinkstockPhotos-506752188
Become cyber secure
OnCourse Learning offers cybersecurity training to meet your needs
arrow
ThinkstockPhotos-487159125
Take cybersecurity seriously
Guide helps financial institutions identify cyberthreats
arrow
Landing-492263357
Beware of ransomware
Cyberattacks involving ransomware are a growing concern
arrow
landing-521421311
Stop the bad actors
Terrorists and other groups threaten the financial system
arrow
landing-78288589
Credit unions raise the bar
Agency creates cybersecurity assessments for credit unions
arrow
landing-468005219
Cyber preparedness
Why cybersecurity should be a top priority for your financial institution
arrow
landing-637910478
Increase cyber awareness
Federal and state agencies offer many cyber resources
arrow
landing-81859699
Protect online payments
Agency warns of cyberthreats to bank payment networks
arrow
Landing-506709328
Training in the cyber age
Preparation is better than remediation when it comes to cybersecurity
arrow
logo
How to Navigate
X
How to Navigate
BROWSE
FIND
right-arrowleft-arrow
hamburguer-icon-shadow
MENU
Move forward or backward between articles by clicking the arrows.
Click or tap to bring up the Table of Contents.
READ
facebooktwitterLinkedin
SHARE
scroll
Share articles by clicking on one of the social media icons in the upper right corner of the page.
Use your mouse wheel, keyboard arrow keys, or scroll bar to move up and down in an article.