EXCLUSIVE— While banks are making strides to improve their cybersecurity, it might be time to give the security on their physical devices, such as ATMs, an upgrade too.
This comes after a rush of physical ATM fraud—most of what is known as ‘jackpotting,’ a decades-old maneuver where criminals manipulate an ATM to funnel out all of its stored cash—in the United States, as well as in Europe and Asia.
This type of attack “scales very well” outside of the physical risk to the hackers themselves, Seth Ruden, principal fraud consultant for ACI WorldWide, told Bank Innovation, because it can be used for multiple ATMs of the same model at multiple financial institutions. Additionally (as with replacing online legacy systems), upgrading an ATM network can be costly for an FI, Ruden said.
“A lot of ATMs don’t have proper [security measures] for physical access,” Ruden said. “We should be able to understand if we have panels being opened, if it’s service or manipulation.”
While physical security is still very much a concern for banks at present, it should be upgraded with network and application security in mind, especially as banks begin to link their mobile apps and services to physical ATMs for ease of use, Ruden said.
“The physical security risk will be less, long-term—we’re getting smarter,” he said. “Network security and application will be the big responsibility moving forward.”
Several banks, such as Wells Fargo, have experimented with adding new PINs or other forms of identity verification to their mobile apps so customers can withdraw money more quickly from ATMs, while others are experimenting with beacon technology for the purpose.
While banks should be looking to shore up these security gaps, it is also worth noting that consumers are using, and carrying, less cash than ever before—making the payout from an ATM hack a much smaller pool, thus minimizing the security risk.
“As we move into a cashless society, this risk becomes less of a risk,” Ruden said, who added it was unlikely that we would move to a “100% cashless” society in the near future. “We’re not going to have the same exposures we have today.”
To learn more about cybersecurity and fraud prevention, join us on March 5-6, 2018 at the Parc 55 in San Francisco for Bank Innovation 2018. Click here to register.