Are your ATMs protected from bad actors?

Battling back: How to combat threats to your ATM network

Posted on

At 50 years young, ATMs are hardly experiencing a midlife crisis. If anything, they're in their prime, with nearly two-thirds of bank branches and credit unions expecting to increase the supply of these machines over the next few years, according to polling done by ATM Marketplace.

It's largely their popularity and ubiquity that makes them a prime target for identity thieves, fraudsters and robbery. Even if you've been dealing with ATMs for the better part of a half century, the question remains: Is your ATM network protected?

"In the first half of 2017, ATM and point-of-sale hacks surged 21% compared to the corresponding six-month period in 2016."

A jump in ATM attacks
Most financial services entities would like to think that their network is indeed safe, but recently released data suggests otherwise. FICO reported that in the first half of 2017, the most recent period in which data is available, ATM and point-of-sale hacks surged 21 percent over the corresponding six-month period the previous year. There was also an uptick in debit cards being compromised, jumping 39 percent. As technology evolves, these threats are projected to continue to be a challenge for consumers.  

From skimming to trapping, jackpotting to transaction reversal fraud, there is no shortage of strategies scofflaws resort to in their efforts to make off with cash or stolen identities. However, with the right approach and ongoing vigilance, you can keep your ATM network defended from breaches. Here are a few of the more common schemes that crooks resort to and what you can do to help your network rise above the felonious fray:

Card skimming
As its title intimates, card skimming is a scheme that involves the reading of debit cards through the use of a small device. Known as a skimmer, these illegal devices are available on the black market and supply criminals with highly sensitive information they can then use to buy items and charge the owners' card. Skimming also allows thieves to gain access to ATM systems or other terminals where cards are read, like gas stations.

How to respond
One of the most reliable strategies to guard against skimming is to keep an eye on ATM terminals, as skimming typically requires that devices be installed in the system. Making use of video surveillance can identify red flags, such as users lingering at terminals for longer than normal or making several visits. You may also want to invest in cardless ATM systems, which render cards meaningless. Approximately 33 percent of banking professionals expect to support cardless technology systems within the next three years, according to ATM Marketplace research.

Card trapping
Similar to card skimming, trapping involves the reading and deciphering of access particulars through illegal devices, but the main difference is the fact that the cards stay in the system. In essence, they're trapped. This is one of the more brazen schemes criminals resort to, because it often requires them being somewhere nearby so that they can collect the card and device once the user has left the premises.

How to respond
Fortunately, trapping limits fraudsters to a "one and done" operation. However, even one incursion is one too many. Security experts recommend training employees to be on the lookout for people acting strangely around ATMs and to keep surveillance systems in good working order. Contactless payments ATM technology is again another effective countermeasure. 

Transaction reversal fraud
Otherwise known as TRF, transaction reversal fraud is a ploy that essentially bilks the system that keeps track of deposits and withdrawals. Once a transaction is finished, the user will usually receive an error message of some kind. So instead of deducting the amount from the user, the amount winds up being credited to the fraudster.

How to respond
Here's yet another attack that takes advantage of cards, so you can understand why banks are increasingly investing in cardless ATM technology. With these terminals in place all users have to do is bring their devices with them or enter their PIN numbers.

In the meantime, security experts encourage bank branches and credit unions to monitor account transactions on a real-time basis and take advantage of security risk auditing services. Account holders should also get into a habit of checking out their transaction history online for any anomalies and to keep cards on their person at all times.

"Jackpotting has proliferated in recent years in the U.S."

ATM schemes have a way of proliferating over time. This can most definitely be said for so-called jackpotting, a ploy whose origins are largely based in Latin America but has proliferated in the U.S., according to American Banker. Jackpotting cons empty ATMs of virtually all of their paper currency by perpetrators pretending to be ATM repair technicians. They then steal the money either through smash and grab tactics or by installing malicious software so the machine dispenses all of the funds available.

How to respond
Training is essential to spotting charlatans. Security and engineering expert Bryan Burns told American Banker that jackpotting is really hard to pull off when staff members are on the same page about how to identify fakers, whether in person or online.

"Attacks on banking infrastructure and ATMs in particular continue to evolve, but the initial compromise that enables most of these largely remains the same: an unwitting employee that falls victim to credential phishing or other form of social engineering attack," Burns warned. "Financial organizations can prioritize educating their employees to spot socially engineered attacks across email, social media, and the web and run phishing simulations to understand who in their organization is most likely to fall victim to this form of attack."

Full-fledged ATM security requires "an all hands on deck" strategy. BranchServ is your port in the storm. Our product knowledge, training specializations and state-of-the-art ATMs can give you the defenses you need to avoid choppy waters. Our electronic security optimizes deterrence and our physical security prioritizes resilience to on-premises attacks.

Find out more by scheduling a free Branchserv demo!