OCC BULLETIN 2014-13
Subject: Cyber Attacks on Financial Institutions' Automated Teller Machine and Card Authorization Systems
Date: April 2, 2014
To: Chief Executive Officers of All National Banks, Federal Branches and Agencies, Federal Savings Associations, Technology Service Providers, Department and Division Heads, All Examining Personnel, and Other Interested Parties
Description: Joint Statement
The members of the Federal Financial Institutions Examination Council (FFIEC)1 today issued a joint statement to notify financial institutions of a large-dollar-value automated teller machine (ATM) cash-out fraud characterized as Unlimited Operations by the U.S. Secret Service. The members are aware of a recent increase in cyber-attacks on financial institutions launched in connection with this fraud to gain access to, and alter the settings on, ATM Web-based control panels used by small-to-medium-sized financial institutions.
The members of the FFIEC expect financial institutions to take steps to mitigate this threat by ensuring that
Questions regarding the FFIEC statement should be directed to the OCC’s Bank Information Technology Division at (202) 649-6340.
Carolyn G. DuChene
1 The FFIEC members include the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the State Liaison Committee, and the Consumer Financial Protection Bureau.