Security Center

Alerts
August 26, 2009

THE FEDERAL DEPOSIT INSURANCE CORPORATION IS AWARE OF AN INCREASED NUMBER OF FRAUDULENT EFT TRANSACTIONS RESULTING FROM COMPROMISED LOGIN CREDENTIALS.

The Federal Deposit Insurance Corporation (FDIC) is alerting financial institutions that provide Web-based payment origination services for business customers to increased reports of fraudulent EFT transactions resulting from compromised login credentials. Over the past year, the FDIC has detected an increase in the number of reports and the amount of losses resulting from unauthorized EFTs, such as automated clearing house (ACH) and wire transfers. In most of these cases, the fraudulent transfers were made from business customers whose online business banking software credentials were compromised.

Financial institutions and technology service providers can refer to the following guidance for additional information on authentication and information security for high-risk transactions:

Financial institutions and technology service providers can refer to the following guidance for additional information on authentication and information security for high-risk transactions:

• FFIEC Guidance Authentication in an Internet Banking Environment
• Authentication in an Internet Banking Environment Frequently Asked Questions
• FFIEC Information Security Examination Handbook - PDF
• FFIEC Retail Payment Systems Examination Handbook
• FDIC Guidance on Mitigating Risks from Spyware
• Information about cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-4004, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.
• For your reference, FDIC Special Alerts may be accessed from the FDIC's website at :
  www.fdic.gov/news/news/SpecialAlert/2009/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.