Viewing as:

Multi-vector: cyber attack + key vendor failure

Multi-vector · Severe but plausible · all 8 in-scope services

Scenario narrative

A coordinated extortion campaign strikes the sector: while Meridian's SOC contains a credential-stuffing wave against the digital channel, Cardinal Card Network — itself under attack — suspends authorization services regionally. Four hours in, a destructive payload is confirmed inside Meridian's card switch integration tier. The bank fights simultaneous degradation of card authorization, digital banking, and its fraud-screening SaaS, with vendor and bank recovery timelines compounding.

Shock set
Cardinal Card Network
third partystochastic outage: lognormal (median ≈ 6h)
CardSwitch Authorization
applicationstochastic outage: lognormal (median ≈ 8h)
MobileOne Digital Banking
applicationstochastic outage: lognormal (median ≈ 3h)
FraudShield Analytics
third partyfixed outage: 8h
Run simulation

The Examiner persona is read-only — switch to any operating role to launch a live run. The Monte Carlo executes in a Web Worker: the interface stays fully responsive while 10,000 iterations run.

Monte Carlo · 10,000 iterations · seed 20260404Standard day vs peak/stress day shown side by side; the amber figure is the probability of entering the EWI zone.
Debit Card Authorization
100%
breach probability
100%
amber (EWI) entry
Tolerance breach probability — standard vs peak day
Authorization restorationceiling 30m
Standard
100%
Peak day
100%
Declined genuine transactionsceiling 75,000 transactions
Standard
100%
Peak day
100%
6h 3m
p50
14h 50m
p90
19h
p95
1d 6h
p99
Disruption duration distribution(amber = EWI 66% · red = tolerance)
Asset contribution to breach
Cardinal Card Network94%
CardSwitch Authorization6%

Modal critical path: Cardinal Card Network

Online & Mobile Banking
81%
breach probability
90%
amber (EWI) entry
Tolerance breach probability — standard vs peak day
Digital channel restorationceiling 2h
Standard
0%
Peak day
0%
Failed customer sessionsceiling 100,000 sessions
Standard
81%
Peak day
95%
1h 15m
p50
1h 15m
p90
1h 15m
p95
1h 15m
p99
Disruption duration distribution(amber = EWI 75% · red = tolerance)
Asset contribution to breach
MobileOne Digital Banking100%

Modal critical path: MobileOne Digital Banking

Domestic Wire Payments
0%
breach probability
0%
amber (EWI) entry
Tolerance breach probability — standard vs peak day
Wire service restorationceiling 4h
Standard
0%
Peak day
0%
Failed outbound wiresceiling 500 wires
Standard
0%
Peak day
0%
Delayed wire valueceiling $250.0M
Standard
0%
Peak day
0%
0m
p50
0m
p90
0m
p95
0m
p99
Disruption duration distribution(amber = EWI 75% · red = tolerance)
Asset contribution to breach

No breach-driving assets identified (service unaffected by this shock set).

ACH Origination & Receipt
0%
breach probability
0%
amber (EWI) entry
Tolerance breach probability — standard vs peak day
ACH window recoveryceiling 8h
Standard
0%
Peak day
0%
Delayed ACH entriesceiling 50,000 entries
Standard
0%
Peak day
0%
0m
p50
0m
p90
0m
p95
0m
p99
Disruption duration distribution(amber = EWI 75% · red = tolerance)
Asset contribution to breach

No breach-driving assets identified (service unaffected by this shock set).

Branch & ATM Cash Access
0%
breach probability
0%
amber (EWI) entry
Tolerance breach probability — standard vs peak day
Cash access network restorationceiling 1d
Standard
0%
Peak day
0%
Failed cash withdrawalsceiling 25,000 withdrawals
Standard
0%
Peak day
0%
1h 30m
p50
1h 30m
p90
1h 30m
p95
1h 30m
p99
Disruption duration distribution(amber = EWI 75% · red = tolerance)
Asset contribution to breach
CardSwitch Authorization100%

Modal critical path: CardSwitch Authorization

Commercial Cash Management Portal
0%
breach probability
0%
amber (EWI) entry
Tolerance breach probability — standard vs peak day
Portal restorationceiling 4h
Standard
0%
Peak day
0%
Delayed corporate payment valueceiling $500.0M
Standard
0%
Peak day
0%
0m
p50
0m
p90
0m
p95
0m
p99
Disruption duration distribution(amber = EWI 75% · red = tolerance)
Asset contribution to breach

No breach-driving assets identified (service unaffected by this shock set).

Mortgage Servicing Payments Processing
0%
breach probability
0%
amber (EWI) entry
Tolerance breach probability — standard vs peak day
Payment application recoveryceiling 2d
Standard
0%
Peak day
0%
Misapplied or delayed paymentsceiling 5,000 payments
Standard
0%
Peak day
0%
0m
p50
0m
p90
0m
p95
0m
p99
Disruption duration distribution(amber = EWI 75% · red = tolerance)
Asset contribution to breach

No breach-driving assets identified (service unaffected by this shock set).

End-of-Day Core Processing
0%
breach probability
0%
amber (EWI) entry
Tolerance breach probability — standard vs peak day
Batch completion deadlineceiling 6h
Standard
0%
Peak day
0%
Missed batch cyclesceiling 1 batch cycles
Standard
0%
Peak day
0%
0m
p50
0m
p90
0m
p95
0m
p99
Disruption duration distribution(amber = EWI 66% · red = tolerance)
Asset contribution to breach

No breach-driving assets identified (service unaffected by this shock set).

Regulatory basis
PRA-SS1/21Scenario testingSS1/21 §5

Firms must test their ability to remain within impact tolerances under severe but plausible disruption scenarios, increasing sophistication over time.

OSFI-E21Scenario testing of resilienceE-21 §6

Institutions test critical operations against severe but plausible scenarios, using results to assess whether tolerances would be breached and to remediate weaknesses.

EU-DORADigital operational resilience testingDORA Art.24-26

A proportionate testing programme (including advanced threat-led testing for significant entities) validates the entity's ability to withstand ICT disruption.

BCBS-PORBusiness continuity planning & testingPOR P3

Banks maintain and test business continuity plans under severe but plausible scenarios to continue delivering critical operations through disruption.

Expectations are paraphrased for demonstration; consult the source instruments for authoritative text.

Global search

Search services, processes, assets, scenarios, vulnerabilities, and regulatory provisions