FIS Faulted on Security by Feds
The NCUA has asked credit unions that process their debit and credit card transactions with FIS to evaluate their relationship with the card processor in light of an information technology supervisory letter the company has received from other federal financial regulators.
FIS processes credit and debit card transactions for the majority of card-issuing credit unions and has about 5,400 client credit unions.
The company revealed the Sunrise prepaid card breach in a quarterly performance filing in May of last year and reported it lost about $13 million related to unauthorized activities and stated that more than 7,100 prepaid accounts may have been at risk of theft. The company also said it had taken steps to improve security and pledged to continue working with law enforcement on the matter.
In the supervisory letter, the federal regulators wrote that the Sunrise breach took place from January to April of last year and cost at least $12.7 million. The regulators also noted that a forensics investigation FIS obtained found “widespread weaknesses in fundamental information security controls that included the overall inability of the [chief information security officer] function to identify and control all information security related assets across the organization.”