There is no silver bullet to prevent fraud at an ATM. ATM fleet owners need to address both physical security (such as cameras and systems), as well as have intelligent systems in place to monitor transaction activity. Most importantly, they need testing processes in place to ensure all of these systems work together seamlessly and securely.
Since ATMs provide direct access to physical cash, they are particularly susceptible to physical crimes and malicious cyber attacks. Criminals target ATMs in an attempt to steal money from customer bank accounts.
While a quick Google search will likely reveal a slew of news stories about criminals stealing ATMs to get a hold of the cash, it’s not just physical threats that are a security concern for ATM fleet deployers.
Criminals use a range of tactics to steal cash from ATMs, including installing malware on the system, stealing debit/credit card information to create fraudulent cards, changing the amount of funds in customer accounts and physically attacking the machines to access the cash.
In fact, from 2017 to 2018, X-Force Red - an autonomous team of veteran hackers within IBM Security - saw a 300 percent increase globally from banks requesting ATM security testing.
In this blog, we’re going to take a look at some of the top security concerns for ATMs, and what financial institutions can do to mitigate the risk of some of these threats to better protect their customers.
What are the top security concerns for ATMs?
Let’s take a look at some of the most common ATM security concerns, and what causes them.
ATMs have long been a high-profile target because of two primary reasons. Not only do they hold a large amount of cash in them, but they are unattended. This is an attractive proposition to criminals who know that they can target ATMs with physical attacks, without getting stopped.
While physical attacks on ATMs were traditionally either breaking into the machine or stealing it in an attempt to access the cash, physical attacks on ATMs are now far more sophisticated. In most cases, physical attacks on ATMs typically see criminals drilling into the top box of the ATM to gain access to its interior where they can mess with the software.
Once inside, criminals are then able to:
Install a skimming device
Install a new hard drive that is infected with malware
Perform a “cash-out” to steal all of the money within the device
Virtual ATM, an innovative ATM testing product from Paragon Application Systems, enables ATM fleet owners to test various aspects of their physical ATMs to ensure they are secure from these in-person attacks.
Outside of physical attacks, some criminals focus on exploiting ATM software weaknesses in an attempt to steal customer payment card information or customer account information. Software attacks typically target ATMs with software that’s not up to date, those that have weak local networks and those which have insecure or misconfigured services.
Criminals are able to use software attacks to install malware on an ATM, allowing them to steal account information, change withdrawal limits, add funds to accounts, create fraudulent bank accounts, as well as remove money from a user’s bank account.
Most XFS ATM communicate with an authorization host that drives the ATM and is aware of much of the activity taking place at the machine. Virtual ATM offers some additional tools to help test that the host responds correctly to certain error conditions.
How can financial institutions improve their ATM security testing?
Criminals are becoming more sophisticated when it comes to targeting ATMs, meaning these machines need to be more secure than ever before. A critical element of ensuring ATMs are secure is to implement ATM security testing into your processes.
ATM security testing should involve testing of; remote network access, local network access, physical machine access, and backend services. Through proper ATM security testing, financial organizations can better protect their machines and connected infrastructure, and, as a result, provide a far more secure customer experience.
ATM security can be enhanced dramatically through the implementation of automated tests.
Rather than conducting manual tests in a physical laboratory (which is incredibly time consuming and doesn’t give information of the vulnerabilities of an entire ATM fleet), automated ATM security testing allows financial institutions to significantly expand test coverage and roll out security fixes rapidly.
Interested in learning more? Paragon Application Systems has designed an innovative ATM testing software that provides organizations with automation options that allow them to run more tests in less time, saving them significant amounts of time, money and resources - as well as enhancing their ATM security maturity.