Staying one step ahead in the ATM security challenge (Part 2)
It is essential that financial institutions adopt a holistic approach to security.
It is essential that financial institutions adopt a holistic approach to security, considering not only the system itself but also the infrastructure and eco-system across the entire network. From card compromise to physical attacks on ATM systems, the nature and frequency of attacks can be hard to predict.
However the primary areas of focus that financial institutions and independent deployers should consider are:
- IT security
Europol recently discovered a new breed of malware that targets ATMs and enables hackers with physical access to the device’s ports to make an ATM spit out cash.[i] As crime has moved from simply stealing payment card numbers to hacks on entire bank networks, financial institutions should ensure that their systems have, at the very least, up to date standard security features in place such as hard disk encryption.
- Physical security
Cash and card crimes are the most obvious and widely reported crimes. From hidden cameras which capture pin numbers to software that copies the card when inserted into the machine – criminal gangs across the globe have developed ways to steal the details necessary to compromise customer’s financial security.
In other instances, simple brute force is used. Backing up to an ATM machine with a heavy-weight vehicle and wrenching it from the building, or blowing up an ATM with gas or other explosives might seem ambitious – but this can, and does, happen. In previous incidents as much as £130,000 has been stolen through attacks on ATMs using explosives[ii]. Criminals target the most vulnerable devices so it is imperative that ATMs, particularly those externally facing, are protected and appropriate measures are put in place.
- 3. Fraud
With annual global credit card fraud expected to exceed $35 million dollars by 2020, fraudulent attacks are common place in today’s society. Physical manipulation and transaction reversal fraud can result in significant losses – with losses due to card trapping, for example, rising by 32% since 2014.[iii] Staying ahead of the threats is therefore crucial to protecting your network, combatting fraud and minimising risk.
But against this landscape of evolving threats, how should financial institutions stay ahead? Utilising carefully selected solutions that combine the latest in banking technology with security expertise built in, is essential. This, alongside industry collaboration, is key to beating criminals and maintaining customer trust.
Given the ever increasing level of sophistication of criminal activity, it is important that financial institutions and ATM vendors work together with their suppliers and partners to build a coordinated plan to protect end-to-end operations.
On a practical level, this means sharing information about the range of criminal threats that exist across the world and using these global insights to inform decisions about security. It also means reporting all suspicious incidents because although one event might not seem significant, when pieced together with other events this can provide an insight into trends that could develop into international threats.
There’s a growing sense across the industry that together we are stronger, and that sharing knowledge is key to protecting our banking systems from compromise. The trend for collaboration is something that is expanding in the UK – the BBA is leading mapping exercises to encourage smaller firms to participate in cyber intelligence sharing[iv] and as the political focus on cyber issues increases, the banking sector is becoming proactive in the development of new policies and strategies as seen with the Bank of England’s collaboration with the National Cyber Security Centre.
Stay in control
Modern network technologies and the open nature of the internet are creating an environment where security is an essential part of any ATM network that should be embedded into the foundation of corporate strategy.
Building strong infrastructures around existing ATM networks and ensuring that security remains a key part of operational risk planning are equally important. Staying ahead of crime is crucial in the battle to protect frontline services, and employees and customers can play a key part in this. Educating front line staff to detect and be aware of attacks can help highlight potential threats, which when coupled with frequent communication with customers, can assist with building a more synergistic approach to combatting crime.
One thing is for certain – existing security threats continue to evolve rapidly and new forms of crime will undoubtedly emerge. However as attacks have become more sophisticated, so has the technology available to fight the fraud. It’s up to financial institutions and technology providers to work together to continue the legacy of these self-service systems that have become so integral to how we utilise our money and live our daily lives.
[ii]Dossier: ATMs Network in the United Kingdom, Statista (November, 2016)
[iii] European ATM Crime Report (January-December 2015)