Banking Blog

Finance Blogs » Banking » Cyberattack: A risk to banking

Cyberattack: A risk to banking

By David McMillin · Bankrate.com
Saturday, December 29, 2012
Posted: 6 am ET

As banks continue to suffer through website outages due to distributed denial of service attacks, regulators are warning bank executives to take these attacks very seriously. In an alert issued to the entire banking industry, officials at the U.S. Office of the Comptroller of the Currency last week requested that banks evaluate their risk management processes for dealing with cybercrimes.

"Banks need to have a heightened sense of awareness regarding these attacks and employ appropriate resources to identify and mitigate the associated risks," the alert states.

I'm guessing banks are already very aware of the implications of these attacks. While account holders may be frustrated by the inability to access their online banking statements, those behind these attacks may be looking to do much more than annoy customers. The report highlights that these attacks give thieves breathing room to gain access to accounts while banks work to fix the problems.

Still, while banks are constantly working to protect their mountains of confidential information, they have not been very proactive in educating account holders about these attacks. In some recent cases, banks have simply issued canned statements that their websites are experiencing delays, and they are working to fix the problems.

I can understand the hope to avoid a swarm of account holders with concerns that a group of hackers in Iran or Russia is targeting their money, but these attacks have become so commonplace that consumers do have the right to know about them. Regulators are asking financial institutions to shed some light on the situation for their customers.

"As part of their contingency planning process, banks should be prepared to provide timely and accurate communication to their customers regarding website problems, risks to customers, precautions customers can take, and alternate delivery channels that will meet their banking needs," the alert declares.

How do you think banks should handle customer notifications during cyberattacks? Has your bank sent you any messages about cybercriminals targeting its website?

«
»
Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
22 Comments
Henry Case
January 01, 2013 at 2:54 pm

There's only so much a bank or any customer can do. I don't understand why the federal government doesn't require that ISPs shut off abusing domains. Any decent ISP knows exactly where the SPAM is coming from but they do little or nothing to do anything long term.

George
January 01, 2013 at 2:15 pm

There are many, many times more hackers and script kiddies who use denial attacks than there are banks so any bank could be hit almost continuously for months if Anonymous or AntiSec (search), becide to launch full scale attacks. Denial attacks are unlikely to be anything more for customers than an inconvenience. Actual hacking into the banks customer accounts is far, far more difficult but possible in some cases. This is why the Feds want the banks to take hacking and denial attacks more seriously.

Diane
January 01, 2013 at 12:22 pm

PNC is my bank - several occasions when I couldn't log in. Every time I inquire their reply has been that it is down for safety issues. How many times can this happen? Thankfully, my accounts have been unaffected.

Bruce from Rockford
January 01, 2013 at 12:04 pm

I have seen them use PNC logo before without any mention of PNC in the article. I think they are using the PNC logo because PNC is a large bank and the other large banks have had their share of bad press. MHO

Clair
January 01, 2013 at 11:52 am

I bank at PNC - Why is their logo on the headline?

jay fenex
January 01, 2013 at 11:32 am

Sirs:
My bank is experiencing cyberattacks and my account has been affected. There has been no theft so far but I keep an eye on it.

Candy
January 01, 2013 at 11:18 am

About a year ago, I received a new MAC card from PNC and when I called to ask why (I had only recently opened the account), I was told there was a potential hacking threat. Fortunately, PNC was on top of it and handled the issue immediately. No matter where you bank, the threat is there. PNC, like other institutions, constantly monitors - in this day & age, it's the best we can hope for.

wayne clifford
January 01, 2013 at 11:05 am

for real, I cannot use my online service . is this the beginning. this would be the second time I had problems because of hacker issues. I hope PNC is on top of this.

Brenda
January 01, 2013 at 10:47 am

It is horrible that every time we turn around there is something else to worry about. I am beginning not to trust anyone. My account was hacked at PNC. They caught it right away and I feel fortunate that they did. In a world of high-tech this is what we can expect. I can imagine it will get worse as we progress unless there is some way to figure out how to stop cyber crime. I think we were better off when we used a pen and pencil. The only problem then was when you ran out of ink or you broke the lead in your pencil and did not have a pencil sharpener.

mark
January 01, 2013 at 9:54 am

Every thief always looks for holes. Write a rule and the bad guy will find a way to get around it. If you leave your keys in the car a thief will think you left the keys just for them.... that's the way they think.

LOW TECH RULES.