The Financial Services Information Sharing and Analysis Center (FS-ISAC ) – a non-profit, member-driven corporation established in 1999 — helps assure the resilience and continuity of the global financial services infrastructure. FS-ISAC helps its 7000 financial institution members across 39 countries to share relevant and timely threat and vulnerability information, conduct coordinated contingency planning exercises, and participate in cyber range exercises. The FS-ISAC manages rapid response communications, conducts education and training programs, runs several notable industry events, and fosters collaborations with and among other key sectors and government agencies.
FS-ISAC constantly gathers, analyzes and shares information between its members, supplementing this with information from financial services providers, commercial security firms, government entities, and other trusted resources. It quickly disseminates alerts, analysis, best practices, and other critical information to help the sector to prepare for, respond to, and mitigate risks and threats. FS-ISAC also publishes best practice papers, incident response playbooks, threat reports, executive briefs, and more.
The FS-ISAC includes dozens of committees and special interest working groups. There are several councils that may be of interest to practitioners in the payments system:
- Payments Processor Information Sharing Council (PPISC). The PPISC brings together stakeholders in the payments field to develop solutions, identify best practices, and facilitate the exchange of information resulting in a more efficient and secure use of electronic payments and related practices. This council has a focus on card payments and includes FS-ISAC members of payment processor organizations only.
- Payments Risk Council (PRC). The PRC shares information on current threats and payment risk mitigation for ACH, wire and check payments. The council is responsible for producing and conducting the CAPS (Cyber-Attack Against the Payment Systems) exercises. This FS-ISAC council is open to payment risk professionals from financial institutions, clearing houses, payment processors and leaders with payment risk responsibility for regional and nation payment associations.
- Community Institutions and Associations Council (CIAC). The CIAC shares general information about fraudulent activities such as dates, geographical area, dollar amounts and other information.
- Compliance and Audit Council (CAC). The CAC shares information on industry best practices, discusses the latest regulatory developments and works to find out how peer organizations are handling the latest compliance, audit, legal, and control issues.
Participation in the PPISC, PRC, CIAC and CAC requires membership in the FS-ISAC. In addition, the FS-ISAC offers a free membership with very limited services called the Critical Notification Only Participation (CNOP), designed for financial institutions who only want to receive the most critical public alerts.