A recent surge in major cash-out fraud at ATMs has federal authorities on alert.
The country's top bank regulators are warning of an increase in cyberattacks on the Web-based control panels of automated teller machines used by small to midsize financial institutions. In this particular strain of attacks, thieves withdraw money with stolen card information beyond the cash balances that customers have in their accounts, or beyond other typical ATM limits.
In one recent attack, crooks hauled off more than $40 million using just 12 debit card accounts.
The Federal Financial Institutions Examination Council (FFIEC) issued a joint statement about the attacks Wednesday, instructing credit unions and banks to check all their systems involved with ATM transactions, including fraud detection software, and make sure employees are trained to identify phishing attempts. The U.S. Secret Service calls the fraud "Unlimited Operations," according to the statement.
The FFIEC includes the Office of the Comptroller of the Currency and the Board of Governors of the Federal Reserve System, among other regulators.
The four-page statement doesn't provide information about specific attacks. Reporters were instructed to direct questions to the Office of the Comptroller of the Currency, but no one was available to discuss the alert late Wednesday.
Tess Rice, general counsel for the Minnesota Bankers Association, said the organization's IT consultant had not heard of any Minnesota banks being hit by this type of ATM cash-out scheme. The consultant interpreted the group's statement "as a reminder to smaller banks to remain vigilant," Rice said in an e-mail.
"His impression is that this is not a new threat, but rather something that banks are prepared for as part of their standard security procedures," Rice said.
