There are many ways criminals are attacking the data transmitted with ATMs to commit fraud. It is important to ensure that each of your machines has the highest level of security to prevent this for your customers.
Types of Attacks
ATM skimming- there are two types of skimming that criminals use. The first type is a digital scanning attack. They physically place a device on an ATM that looks like a card reader. When the cardholder inserts their card, it then copies the data. This data is stored in the skimmer and can be downloaded onto a PC where it can be read and used to make fake debit cards. An analog skimmer, the second type, works a little differently. It records the sound of the card’s data signal during the transaction. This data is retrieved from the recording and used fraudulently.
Hacking and malware software- these are placed on the machine locally, often times through USB devices or via unsecured network connections.
Card and cash trapping- this is a device that is installed to either trap the cash or ATM card for the criminal to steal. The cardholder typically doesn’t suspect this as fraudulent activity and just writes it off as an equipment error. The reality is that the machine has been compromised and the scammer is nearby waiting for the cardholder to walk away so they can retrieve the stolen card or cash.
Ways to Prevent These Attacks
- Anti-skimming devices- Install anti-skimming devices. These are physical security measures that best protect against skimming devices. There are vendors that provide one device that protects against both types of skimming.
- Passwords- Use effective password controls. You should never have the same password for all of your machines. Another important thing is to immediately change the default password after purchasing a new machine. Hackers usually know the manufacturer default passwords and can get right into your system if you have not changed it.
- Software updates- It is important to keep all application software and operating systems up to date to ensure they have all of the latest security patches. You should also continuously update the antivirus software and firewalls for more protection.
- Lockdown- ATM owners should lock down their machines. This ensures that unused hardware or network ports are disabled and cannot be used by hackers or malware. Essentially by locking down the system the software cannot be altered or hacked.
- Collaboration and communication- The final and maybe most important way you can prevent these attacks is with a collaboration of you, the ATM owner, the manufacturers, ancillary service providers and the cardholder. Signage or communication with the cardholder about who to contact if they suspect the machine is compromised or that fraud is being committed is paramount. Stay in the know about what the ATM manufacturing companies are offering to prevent the various threats. Another key factor that fits in here is periodic checks to make sure there is no evidence of tampering. Any time you visit your machine this should be part of a checklist of things you verify.
