

Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.


April 15, 2013

Do Cyberattacks Threaten Confidence in Our Payment Systems?

This past October, former Defense Secretary and CIA Director Leon Panetta said, "A cyberattack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11." In the days leading up to this statement, multiple major U.S. banks were the targets of cyberattacks known as distributed denial of service (DDOS). In these attacks, which continue to take place on a steady basis, a bank's servers are overwhelmed by a flood of messages from networks of computers infected with malicious software (botnets), leading to website outages. Frequently, these attacks are politically motivated and are undertaken by foreign states. They are intended to be disruptive and create customer service dissatisfaction rather than to commit fraud.

At a recent conference I attended, security expert and former senior White House Advisor Richard Clarke suggested that technology and automated tools currently used to detect and prevent these attacks aren't always effective. For instance, firewalls can be penetrated and, although antivirus tools are good protection against the general hacker, they may not be as effective against the sophisticated malware that the well-organized bad guys are creating at alarming rates. The primary goal of implementing security measures is prevention, of course, but we have to be realistic in accepting there will always be some number of successful attacks requiring post-attack countermeasures.

To date, these DDOS attacks have created only short-term inconveniences for consumers. I believe that consumers' overall confidence in payment systems remains high, and rightfully so. But the threat of a mass disruption to financial institutions and the payments community through a cyberattack on U.S. companies is real. Consider the potential ramifications that a nationwide cyberattack could have on the U.S. banking and payment systems. We need only look at the cash crunch that Hurricane Sandy caused to the payment system in the Northeast last October, when the area experienced prolonged electrical and resulting communication outages. The banking community, led by FS-ISAC and others, must continue its efforts to not only prevent, but also plan for a response to an extended, widespread cyberattack to avoid even worse disruptions and a subsequent loss in confidence in our payment systems.

By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
