By : Owen Wild
February 27, 2018 08:00 AM
The ATM Industry Association (ATMIA) recently called on the sector to “stand
together to face down the threats of attack from ATM and cyber criminals.”
There is no doubt that the ATM will continue to attract the attention of
fraudsters over the coming years, so the onus is on banks, independent
deployers, software developers and other parties to mitigate this risk.
A pivotal year for the ATM industry?
Delivering his new year message in January 2018, Mike Lee, chief executive of
ATMIA, suggested that the coming year could be a highly significant one for all
aspects of the ATM industry, including security.
He acknowledged that criminals will pose an ongoing and evolving threat, but
also stressed that the modernization of the ATM channel will provide great potential and opportunities for
businesses to unlock.
"2018 promises to be a turning-point for the worldwide ATM industry," said Mr Lee. "There is huge consensus and
momentum behind the future-proofing exercise of the industry's search for a new model for ATMs in today's
mobile world. At the same time, the industry has no option but to stand together to face down the threats of
attack from ATM and cyber criminals."
With this final point in mind, what are the threats - old and new - that banks and ATM deployers need to be aware
of in 2018, and how can you protect against them?
Black box attacks
Black box attacks involve the connection of an unauthorized device, such as a laptop, to an ATM. The device can
then be used to instruct the machine to dispense cash. This criminal method is becoming increasingly common in
Europe and has recently spread to the United States.
One of the most effective ways to mitigate this threat is to conduct regular monitoring and inspections across your
ATM network to pick up on any suspicious activity. It's also vital to ensure that ATM software and hardware are
fully up to date to maintain the strongest protection against criminal activity.
Like many industries, banking is facing a growing threat from malicious software and viruses. If it is successfully
installed, malware has the potential to take complete control of an ATM's cash dispensing function, or to monitor
the machine's PIN pad so the perpetrator can acquire card and PIN data.
Up-to-date logical protection is absolutely essential to keep malware at bay and to shield your ATM hardware and
software from criminal interference. It's also beneficial to keep up with the latest trends and developments in
Computer chip vulnerabilities
If an attacker knows where to look, the smallest vulnerability in a computer chip can compromise an entire
Banks and ATM deployers should stay up-to-date with the latest announcements on any potential security
weaknesses in computer chips and install the most recent updates and patches from manufacturers to keep their
Skimming and physical attacks
Criminals have evolved their methods to exploit flaws in ATM software and operating systems, but they are also
There are various solutions available to help you combat these sorts of threats, such as dedicated tools to protect
against gas-initiated explosions and devices that send out multiple signals to prevent skimmers from isolating and
recording payment card data.
As the industry continues to evolve, technologies such as contactless withdrawal could further reduce the risk of
skimming, keeping customer data safe and making life harder than ever for the criminals.