ATM thieves are getting bolder and banks are adopting more advanced strategies in response to prevent attacks.
ATM attacks are becoming increasingly common and the criminals that perpetrate them are becoming bolder, with incidents ranging from explosive attacks to software attacks. As a result, banks are investing more money intro protecting ATMs.
Kristen Williams, assistant VP of administrative services, financial operations department for One Nevada Credit Union, said her union is utilizing a variety of security measures to protect ATMs and third-party service workers.
"Aside from the extensive camera coverage and alarm systems with a duress code built into the alarm key pad, our servicing team is a third-party cash handler that is armed when at the machine for cash swaps and deposit pulls," Williams said in an email with ATM Marketplace.
But there are additional ways banks can prevent physical and digital ATM attacks. To get deeper insight, ATM Marketplace reached out to Simon Powley, head of advisory and consulting at Diebold Nixdorf.
Q. What are the latest trends in physical ATM attacks?
A. Two prominent types of physical ATM attacks include explosive attacks, which have been troubling FIs in Europe and Latin America for years, and hook and chain attacks, currently exceedingly popular among would-be criminals in the U.S.
In an explosive attack, criminals use gas or solid explosives and strong tools to gain access to the ATM safe. This can take time, depending on the terminal. Once the explosive is inserted, the safe is blown open and the criminals collect the cash, making their escape in a getaway vehicle.
In a hook and chain attack, criminals try to rip the ATM open with a hook and chain attached to a (usually stolen) vehicle like a pickup truck. Most often, this attack hits drive-up ATMs. They hook the chain into openings in the safe door after ripping off the beauty door and pull it off with the vehicle. Once the door is opened, they remove the cassettes and flee from the site of the crime.
Q. What about digital?
A. The most common type of data attack in the ATM channel is skimming, but keep in mind that the ATM is not the only point where skimming may occur. It can happen at any point of sale and recently a far more common point of attack is at the gas pump. During a skimming attack, a foreign device is installed on an ATM to capture data from the magnetic stripe of a customer card. While the location of the device can vary, the defining characteristic of a skimming device is the presence of at least one magnetic read head — meaning that as long as bank cards still have a magnetic stripe, they remain vulnerable.
There are also other types of data attacks like shimming and eavesdropping. In all cases attackers attempt to gain data from the card. Like skimming attacks, the most common way of trying to access this data is to tamper with the card reader: collecting data from the magnetic stripe, the EMV chip, or intercepting data that is transferred from the card reader to the PC.
Q. What are some tactics to handle security or strategies to mitigate or prevent attacks in the first place?
A. To protect the physical ATM against attacks, it's critical to secure not only the ATM itself, but also the entire ecosystem around it:
Here are effective methods to mitigate or prevent skimming and other data attacks:
Bradley Cooper is the editor of ATM Marketplace and was previously the editor of Digital Signage Today. His background is in information technology, advertising, and writing.
Sign up now for the ATM Marketplace newsletter and get the top stories delivered straight to your inbox.
Privacy PolicySeptember 9-11, 2024 | Charlotte, NC