The FBI has warned U.S. banks that cyber criminals are planning a global cash-out blitz at ATMs. Criminals plan to hack bank or payment card processors and use cloned cards at ATMs around the world to fraudulently withdraw millions of dollars in just a few hours.
Evidence from the FBI
“The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation,’ reads a confidential alert the FBI shared with banks.
“Historic[al] compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities. The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”
The Bureau has been urging banks to review security procedures and implement strong password requirements along with two-factor authentication. It has requested bank administrators to use digital or physical tokens for added security when handling critical roles.
How can banks protect themselves?
Any organization, be it a bank or local retail store, that stores, transmits, or processes cardholder data must comply with the PCI DSS (Payment Card Industry Data Security Standard). Not only does PCI DSS compliance help mitigate the risk of losing sensitive information but it also helps prevent point-of-sale malware from attacking systems.
Looking to comply with the PCI DSS? Get more information and guidance from the experts. Find out more >>
Looking for help with your PCI-compliant documentation? IT Governance’s PCI DSS Documentation Toolkit contains easy-to-use, fully customizable templates to help produce PCI-compliant documentation. Find out more >>
Need to test your systems for vulnerabilities?
Penetration testing can help to identify, fix, and prevent vulnerabilities within your systems. Find out more >>