Protect online payments
In light of recent cyberattacks, the Federal Financial Institutions Examination Council is warning financial institutions of the need to actively manage risks associated with interbank messaging and wholesale payment networks.
The FFIEC posted a joint statement in June on its website urging financial institutions to conduct ongoing assessments of their ability to mitigate risks related to information security, business continuity and third-party provider management.
The statement did not contain new regulatory expectations. It was intended to alert financial institutions to cyberattacks exploiting vulnerabilities and unauthorized entry through trusted client terminals running messaging and payment networks. The FFIEC urged financial institutions to review their risk-management practices (including services provided to clients) and to refer to the appropriate FFIEC IT Examination Handbook booklets for guidance.
“Financial institutions should use multiple layers of security controls to establish several lines of defense,” according to the FFIEC statement. “Financial institutions should also ensure that their risk-management processes address the risk posed by compromised credentials.”
Financial institutions should use multiple layers of security controls to establish several lines of defense. Financial institutions should also ensure that their risk-management processes address the risk posed by compromised credentials.”
— Federal Financial Institutions Examination Council
The FFIEC is made up of principals of the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Consumer Financial Protection Bureau and State Liaison Committee.
Two Federal Reserve task forces are studying ways to improve payment speed and security.
Read More
To help mitigate risks, the FFIEC recommends financial institutions consider the following steps:
Conduct ongoing information security risk assessments. Financial institutions should maintain an ongoing information security risk-assessment program that considers new and evolving threat intelligence related to online accounts. In response to identified risks, institutions should then adjust customer authentication, layered security and other controls.
Perform security monitoring, prevention and risk mitigation. Financial institutions need to ensure protection and detection systems, such as intrusion detection systems and antivirus protection, are up-to-date and firewall rules are configured properly and reviewed periodically.
Protect against unauthorized access. The FFIEC said institutions should limit the number of credentials with elevated privileges, especially administrator accounts, and review access rights periodically to confirm approvals are still appropriate to the job function.
Implement and test controls around critical systems regularly. Institutions should ensure appropriate controls — such as access control, segregation of duties, audit, and fraud detection and monitoring systems — are implemented for systems based on risk.
Enhance information security awareness and training programs. The FFIEC said financial institutions should conduct regular, mandatory information security awareness training, including how to identify and prevent successful phishing attempts.
Participate in industry information-sharing forums. Information-sharing organizations can improve an institution’s ability to identify threats and attack tactics and to mitigate cyberattacks involving destructive malware to its systems.
Agency warns of cyberthreats to bank payment networks
© 2017 OnCourse Learning Corp. All rights reserved
Contact Us
20225 Water Tower Blvd.
Brookfield, WI 53045
BACK TO TOP
More inside this guide
MENU
Contents
HOME
Prevent cyberattacks
Banks must take proactive steps to stay ahead of cybercriminals
Phishing for trouble
Hackers use phishing emails to steal data, penetrate networks
Banks face new cyber regs
New cybersecurity standards could affect large financial institutions
Leading the way
New York establishes first-of-its-kind cybersecurity standards
What you need to know
Ways financial institutions can identify and respond to cyberthreats
Email fraud and cybercrime
Tips to identify red flags and respond to email and cyberthreats
Understand the threats
Learn ways financial institutions can mitigate cyber risks
Reduce cyber risk
OnCourse Learning webinar focuses on cybersecurity issues
Choose the right vendor
Financial institutions can be held responsible for vendor tech failures
Become cyber secure
OnCourse Learning offers cybersecurity training to meet your needs
Take cybersecurity seriously
Guide helps financial institutions identify cyberthreats
Beware of ransomware
Cyberattacks involving ransomware are a growing concern
Stop the bad actors
Terrorists and other groups threaten the financial system
Credit unions raise the bar
Agency creates cybersecurity assessments for credit unions
Cyber preparedness
Why cybersecurity should be a top priority for your financial institution
Increase cyber awareness
Federal and state agencies offer many cyber resources
Protect online payments
Agency warns of cyberthreats to bank payment networks
Training in the cyber age
Preparation is better than remediation when it comes to cybersecurity
How to Navigate
How to Navigate
BROWSE
FIND
MENU
Move forward or backward between articles by clicking the arrows.
Click or tap to bring up the Table of Contents.
READ
SHARE
Share articles by clicking on one of the social media icons in the upper right corner of the page.
Use your mouse wheel, keyboard arrow keys, or scroll bar to move up and down in an article.