Federal Deposit
Insurance Corporation

Spring 2013

Audio (MP3 1.75 mb)

What to Know If Criminals Disrupt a Bank's Internet Services

You may have seen recent news reports about financial institutions' Web sites and online banking services being temporarily disrupted due to cyberattacks from a variety of sources. These assaults, generally referred to as denial-of-service attacks, occur when criminals deliberately inundate computers that handle Internet traffic (also called Web servers) with so many requests at the same time that they cause a financial institution's site to "crash" for anywhere from a few minutes to several days.

"The motive behind most denial-of-service attacks to date has been to damage the targeted institution’s reputation by keeping customers from accessing its Web site or online banking system and causing people to believe something is seriously wrong with the bank," said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. "In reality, denial-of-service attacks to date have done little more than temporarily inconvenience Internet banking customers. The financial industry has responded well to these attacks, and customer information and accounts have remained secure."

Benardo also noted that federal banking regulators review how individual institutions carry out security measures and manage denial-of-service incidents. Part of that is making sure every bank has contingency plans for how to handle a prolonged service interruption.

Also, the regulators require that banks issue notices if there has been unauthorized access to sensitive data, including Social Security numbers, account numbers, passwords and other information that could result in "substantial harm or inconvenience to any customer." Benardo added that "if you receive one of these notices, your financial institution will explain what you should do to protect yourself."

If you have questions or concerns about cyberattacks, speak with a bank representative.