Skip to main content

Financial Institution Threat Analysis: ATM Security

ATM skimming is a long-standing threat for terminal operators, but jackpotting, cash-outs and software glitches are newer schemes that have emerged over the last five years. Responsibility for the security of your ATM fleet should not fall with one department. It should be a collaborative effort between your frontline, operations and IT teams. While there are many well documented procedures available for eradicating ATM skimming devices, new threats could be taking advantage of vulnerabilities in your systems and processes.

Before we get into what each department should look for, let’s review the various schemes

ATM Fraud Schemes:
  • Skimming – Fraudsters attach a scanning device over the card reader slot to record account details from the magnetic strip. In many cases a camera is also attached to record PINs. Once this information is obtained, fraudsters are able to create counterfeit cards for use with a PIN or online.
  • Jackpotting – Fraudsters obtain physical access to the ATM and download malware to the hard drive to control the cash dispenser. The malware enables the fraudsters to command the ATM to dispense cash.
  • Cash-Out – Cyber-criminals are able to infiltrate the internal workings of a financial institution’s core systems. They then have the ability to increase account balances and daily transactions limits. From there, money mules around the world are sent to ATMs to quickly withdraw as much money as possible prior to detection.
  • Cash Trapping – A device placed into the cash slot blocks an ATM’s ability to dispense bills, preventing cardholders from retrieving their money. Once the cardholder leaves the location, the criminal retrieves the cash.
  • Software Glitches – Fraudsters take advantage of software that is not upgraded or patched. In a recent example, fraudsters used  a “cheat code” or sequence of buttons to get ATMs to dispense unlimited amounts of cash on prepaid cards with no balances.

Potential Threats- Frontline Employees: 

Skimming, Cash Trapping

It’s likely your frontline employees are responsible for monitoring your onsite ATMs for skimming or cash-trapping devices. Inspecting ATMs on a routine basis can help to determine if the ATM has been compromised with a device. It also can help to minimize your window of exposure. 

Frontline Action Plan: 

  • Inspect On-site ATMs Twice Daily – Your opening and closing procedures should include inspecting all ATMs. Check all areas of the device including cameras, locks, stickers and panels. Besides checking for a skimmer, staff also should look for dried glue or adhesive residue. This could be evidence that a skimmer was present recently. Cash dispensers should be inspected for a device that may attempt to catch cash, while the entire ATM should be inspected for cameras or other anomalies.
  • Clean On-site ATMs Weekly – While weekly cleaning will keep your ATMs clean, functioning and attractive to cardholders, it also gives employees another opportunity inspect your machines.

Potential Threats- Operations: 

Skimming, Jackpotting, Cash-outs, Cash Trapping

Proper monitoring and procedures can help to mitigate many threats to your ATM fleet. Your operations team can cover almost all aspects of the operation and security of your ATMs, from documenting inspections and cash filling to monitoring alerts and trends.

Operations Action Plan: 

Create Joint Vendor Management Procedures with IT

  • Adjust ATM Hardware from Your Provider – Choose and install your own locks. Most jackpot attacks occur on ATMs that retain default locks installed by manufacturers.
  • Armored Car Services – Keep an eye on service providers. Ensure you check the accreditation of service personnel before they inspect or work on your ATMs. For ATMs hosted by merchants, make sure they follow the same security protocol.

Monitor Your ATM Fleet Operations 

  • ATM Balances can Provide Key Insights – If balances are unusually low or you see a large drop over a short time, this is a red flag. Also, stock ATMs with only enough cash to last until the next scheduled refill. And consider employing dual-factor authentication for all cash withdrawals over a set amount.
  • Pay Attention to Errors – Network errors may indicate ATM tampering. Card-reader errors can mean the reader was tampered with or, for insert machines, that something is preventing card dispensing. Alerts that a cash dispenser is empty, communication has been lost or the system has rebooted also can be signs of tampering.
  • Step-up Surveillance – Security and inspection of off-site ATMs are an important part of your surveillance protocol. Make sure all ATMs are protected by adequate lighting and security cameras. Consider employing chip-and-PIN procedures for debit cards to prevent criminals from withdrawing cash with counterfeit debit cards.
    cash handling 

Potential Threats- IT:

Jackpotting, Cash-outs, Software Glitches

Your data security approach to ATMs should be parallel to that of your other data systems. This includes terminal and software updates, passwords and USB inputs.

IT Action Plan: 

  • Software and Access Security – Make sure ATM software, systems and patches are up to date. As with personal computers or mobile devices, criminals can exploit loopholes in outdated software. Make it a top priority to patch vulnerabilities in ATMs that connect to the Internet, as well as in any software processing Internet data, such as web browsers and plugins. Use strong administrator passwords of at least 11 characters with a combination of letters, numbers and special characters. This can stop criminals from using USB devices to inject malware and facilitate attacks. Install and update anti-virus or anti-malware software on hosts. And use whitelisting to ensure that only approved software applications are allowed on your system.
  • Stay on Top of Notifications – Notifications come often from ATM hardware providers, alerting you to software updates and upgrades. Ensure these changes will not affect your system’s ATM interactions. IT may need to make similar changes to internal software to avoid vulnerabilities or glitches.
  • Employee Training – Train employees not to click links or open attachments in unsolicited emails.

The fraud experts at PULSE are always ready to talk shop with you and your teams. Reach out to your Account Executive (877-247-8573) or our Fraud Operations team (866-892-3517) if you want to know more about keeping your ATMs protected.