Security & Fraud

FDIC Steps Up Its Security Efforts

FDIC takes on new security rules

The Federal Deposit Insurance Corporation (FDIC) is taking a new approach to cybersecurity.

The banking regulator announced on Tuesday (Aug. 9) that it plans to take on a slew of new steps that it said will help to enhance the security of the information it is responsible for holding.

In a press release, the FDIC outlined the following efforts it has made over the last several months as part of its focus on information security:

  • expanded our use of multi-factor authentication for securely downloading assessment invoices and official FDIC correspondence and performing other secure file exchanges;
  • discontinued individuals' ability to copy information to removable media, such as CDs, DVDs, external hard drives and thumb drives;
  • signed a memorandum of understanding to migrate to an intrusion prevention, detection and monitoring system from the Department of Homeland Security that will help detect and block outside cyberthreats;
  • implemented new controls to limit printing of sensitive information and better monitor information printed in the highest risk areas; and
  • engaged an independent, third-party firm to conduct an end-to-end assessment of the FDIC IT security and privacy programs. UPDATE: The assessment began in early August.

The FDIC said the actions noted above were done in conjunction with some of the other measures it already has in place, such as data encryption, device encryption (laptop hard drives) and a Data Loss Prevention program that monitors information being sent via email and websites, as well as information that is printed out.

“Information security is critical to the FDIC's ability to carry out its mission of maintaining stability and public confidence in the nation's financial system,” the organization said. “The FDIC will remain alert and continue to adjust our security controls in light of the changing threat landscape.”

Earlier this year, the FDIC’s cybersecurity practices were called into question by House lawmakers due to its handling of notifications following a string of data breaches.

An investigation led by House lawmakers uncovered “significant shortfalls” in the FDIC’s cybersecurity policies, which may have left it vulnerable to hackers gaining access to private information and regulatory data.

Two incidents that took place around May involved 10,000 sensitive and private data records to be downloaded by workers onto storage devices before they left the agency.

Upon learning of the breaches, the FDIC also discovered that there were five other incidents where this same behavior had occurred, according to Rep. Barry Loudermilk (R-GA), who is the chair of the House of Representatives subcommittee on oversight.

Altogether, this led to the personal data of more than 160,000 people being impacted, according to a Reuters report.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

Click to comment