Cyberattack: A risk to banking

By David McMillin
Saturday, December 29, 2012
Posted: 6 am ET

As banks continue to suffer through website outages due to distributed denial of service attacks, regulators are warning bank executives to take these attacks very seriously. In an alert issued to the entire banking industry, officials at the U.S. Office of the Comptroller of the Currency last week requested that banks evaluate their risk management processes for dealing with cybercrimes.

"Banks need to have a heightened sense of awareness regarding these attacks and employ appropriate resources to identify and mitigate the associated risks," the alert states.

I'm guessing banks are already very aware of the implications of these attacks. While account holders may be frustrated by the inability to access their online banking statements, those behind these attacks may be looking to do much more than annoy customers. The report highlights that these attacks give thieves breathing room to gain access to accounts while banks work to fix the problems.

Still, while banks are constantly working to protect their mountains of confidential information, they have not been very proactive in educating account holders about these attacks. In some recent cases, banks have simply issued canned statements that their websites are experiencing delays, and they are working to fix the problems.

I can understand the hope to avoid a swarm of account holders with concerns that a group of hackers in Iran or Russia is targeting their money, but these attacks have become so commonplace that consumers do have the right to know about them. Regulators are asking financial institutions to shed some light on the situation for their customers.

"As part of their contingency planning process, banks should be prepared to provide timely and accurate communication to their customers regarding website problems, risks to customers, precautions customers can take, and alternate delivery channels that will meet their banking needs," the alert declares.

How do you think banks should handle customer notifications during cyberattacks? Has your bank sent you any messages about cybercriminals targeting its website?

January 01, 2013 at 9:32 am

My account with PNC was recently hacked; however, I only had $300.00 in that account, most of which I was able to retrieve from the hackers. My bank did not tell me of any hacking until I checked my account. From this, I will only leave so much money in my account to cover checks that I will cash and put that money in my safe at home, which is cemented into the floor and is water tight. My trust in the banking system is forever lost. No matter their coding and crypting, hackers WILL get into the system and steal the money. I now am my own bank!

Marie Shanahan
January 01, 2013 at 9:19 am

It seems to be that we are suffering "acutely" from our own laziness. These things just weren't possible until very recently. We want things quick and we want it convenient and we are "willing" to remain unsafe to appease our own desire for immediate gratification.

If we went back to withdrawing funds, physically, from the bank the way we had. If we began writing and mailing checks, etc, we wouldn't be in as deep trouble as we are in now. It just wouldn't be as easy for hackers to threaten us. And how is all this technology making our lives any better, anyway?

So, in the end, we may not give up our thirst for convenience, we may just end up, one way or the other, aiding in destroying the banks of our country, who, obviously, have turned into real "eels", themselves - if the economic collapse is any indication. It's truly disgusting - and to a horrific extreme. So we'll all just stand around, holding a smart phone in one hand, an ice coffee from Starbucks 😉 in the other and watch it burn, instead. We're all lazy nuts.

January 01, 2013 at 8:07 am

My fear is what you're going to see is BANKS charging for extra security while they leave non payers hung out to dry. Just another excuse for banks to suck the blood from their clients. Bring back the neighborhood Savings & Loan. This world would be a much better place.

January 01, 2013 at 7:27 am

The big mistake most people make is signing on to their account through an email. That's a big no-no. Never do that if someone sends an email saying your account has been frozen or need to update your account. Get out of your email and go to the website directly and find out that way. Don't make it easy for these knuckle heads. The banks should have the best security for all.

January 01, 2013 at 6:52 am

I'm truly grateful that we have others who are willing to give the much needed information to protect ourselves.

January 01, 2013 at 1:56 am

Banks do not want their customers thinking about cyber-crime because the other option to on-line banking is paper statements. Paper statements equate to higher costs. This on-line business is just what the CPA ordered to get the profits back into black.

Ed Walton
January 01, 2013 at 1:30 am

Security, Security, passwords, passwords..thumbprints, retina scans, voice verification, Anywhere you handout your credit/debit card include a password..require new passwords every six months..Track credit cards canceled because of fraud..

Make the punishment fit the cyberCrime..Get tough, get real and get going now or never..Criminals never sleep..EDW

an auditor
January 01, 2013 at 1:20 am

The advantage lies with the cyber fraudster. The old school answer of reviewing logs is still the best method of detection, and this approach is greatly aided by new visualization techniques. Business managers must take a proactive approach before their customers decide the big banks cannot protect their assets.

January 01, 2013 at 12:22 am

While it's alright to advise customers after a DDoS has been resolved, I don't think they actually need to know while it is happening as this is likely to cause panic and more problems. I do however agree that banks need to be proactive and set up systems that can mitigate DDoS and deal with all hacking, which is of far more concern than DDoS which may just be harassment.