Although they’re often overlooked, ATMs are one of the more common vehicles used to commit financial fraud. Why? The answer is pretty simple: They’re boxes full of cash!
A recent report from FICO Card Alert Service indicates that, in the first half of 2017, there was a 39% increase in the number of payment cards compromised at U.S. ATMs as compared to the same period in 2016.
There are a variety of techniques used today to not only attack the ATM itself, but to gather debit card data in the process. A few we’re seeing:
- Malware/hardware manipulation
- Man in the middle
- Skimming
- Wiretapping
Of these techniques, the two that most often impact ATM security today: skimming and malware/hardware manipulation.
ATM Security: Skimming
In skimming schemes, devices are used to steal card information during an ATM transaction. This type of activity is prevalent, and hard to track. It’s extremely difficult to tell when a skimmer captures your data – and once that data is captured, there’s lots that can be done with it.
Small cameras are often used in conjunction with skimmers to capture PINs. These cameras are either integrated into the skimmer or placed in a nearby, inconspicuous location.
When a card is swiped through a skimmer (which often looks like a regular “insert card here” device), it captures the details stored in the magnetic stripe on the back of the card, including card number, expiration date, and cardholder name. Once this data has been obtained, it can be used online or used to create a counterfeit card.
So, if you’re an ATM user, what can you do to protect yourself? If you notice any of these things, don’t use the ATM, notify the institution, and head inside to complete your transaction if you can:
- Color or material mismatches in the plastic
- Glue/residue on the machine, including tape
- Pieces that don’t match up
- Pieces that wiggle or can be pulled loose
ATM Security: Malware/Hardware Manipulation
By installing malware onto ATM machines, attackers can control how much money is dispensed – and when. This is known as “jackpotting”; it’s been seen globally for a few years, and is just now being experienced in the United States. It’s accomplished in a variety of ways. For example, the bad actor may act as a technician to gain physical access to the machine, and then can insert a new hard drive, malware, and a new keyboard. They can sync these devices to a laptop, a tablet, or a smartphone, and send signals as to when the machine should dispense cash.
Although jackpotting isn’t necessarily a threat to consumers, since it doesn’t jeopardize consumer information or funds, it does create issues for financial institutions and ATM manufacturers/distributors.
The biggest target for jackpotting is currently Diebold Nixdorf ATMs (Optera 500 and 700 models). These machines have unpatched firmware and don’t have antivirus software. But it’s only a matter of time before other ATM manufacturers are impacted.
So, if you’re a financial institution or an ATM manufacturer/distributor, what can you do to ensure ATM security? Here are a few ideas:
- Keep the machine and software/firmware updated with patches
- Run antivirus and security protections
- Swap out default locks and invest in high-security locks
- Watch for any dispenser connection interruptions that appear in the logs (a sign that the machine has been tampered with)
- Actively monitor surveillance footage
- Get to know service technicians, and make sure they’re set up to use two-factor authentication
To learn more about ATM security and how to protect yourself – and to see real-life examples of skimmers (and how difficult they can be to detect on a machine) – watch our free archived webinar here.