News & Resources

What's better than a fire drill to secure ACH cards?

Sep 27, 2013 Dave King

What's better than a fire drill to secure ACH cards?

The growing prevalence of data breaches and subsequent identity theft has led many organizations to begin to rethink defenses. Studies indicate that the most common causes of ACH card and wire fraud are human error in the records management process, as well as a complete lack of security software such as firewalls and data protection solutions.

Now, many financial institutions are beginning to take advantage of simulation-based training and vulnerability checks in defense of sensitive information. Regardless of what threat an organization might face, simulative training and assessments have been found to be among the most effective and proactive measures to secure systems, data and personnel against cyber attacks.

Group think prevails

BankInfoSecurity recently reported that one regional payments association has decided to launch a cyber-attack exercise that will essentially simulate the exact symptoms and processes that go into a major data breach of financial information. While standard vulnerability checks can be effective in defending against certain attacks, this simulation will take the testing process to a whole new level.

The news provider explained that more than 1,000 financial institutions have already signed up to participate in this test, while each attendee will get a chance to see how their defenses stack up to the most advanced types of threats. Like a fire drill, there will be virtually no risk associated with this event, while the rewards will be substantial for decision-makers and low-level employees alike.

According to the source, all of the simulated attacks will generally trace back to account-takeover threats, which are among the most commonly used when trying to breach databases of major financial institutions. Though banks are thus far the leading participants in this drill, alternative financial services providers, as well as any organizations that manage financial information, are urged to join.

BankInfoSecurity stated that the regional payment processor will carry out phishing, Distributed-Denial-of-Service (DDoS), veil fraud and ACH and wire fraud attacks against the participants. Those participating in the event will then be able to clearly evaluate how their defense structures stacked up against the attacks, and work together to formulate more effective protocols.

The source noted that participants are welcomed to sign up for the exercise at

Why is this groundbreaking?
Organizations in the public and private sectors have finally started to recognize the inherent threats of digital payment processing and financial information transfers, such as those carried out through ACH cards. However, data breaches, especially those related to the financial sector, have continued to expand in both volume and associated damages.

This type of approach to defense is among the most effective because it directly mimics all of the challenges that arise during an all out assault on corporate databases. Vulnerability assessments need to be as realistic as possible to accurately depict how safe a company is from cyber threats, and this exercise fits that criteria.

Regardless of what defenses are in place or which threats face an organization, proactive, robust and comprehensive evaluations should be carried out regularly to avoid the massive damages of data breach.