How to stop ATM attacksATM Marketplace

Attacks on ATMs are becoming more common and the criminals who commit them are becoming bolder, with incidents ranging from explosive attacks to software attacks. As a result, banks are investing more money in protecting ATMs.

Kristen Williams, associate vice president for administrative services, finance division at One Nevada Credit Union, said her union uses a variety of security measures to protect third-party ATMs and service workers.

“Aside from the extensive camera coverage and alarm systems with a duress code built into the alarm keypad, our service team is an outside cash handler armed at the cash exchange and deposit machine,” Williams said in an email with ATM Marketplace.

But there are other ways banks can prevent physical and digital attacks on ATMs. For a deeper dive, ATM Marketplace turned to Simon Powley, Head of Advisory and Consulting at Diebold Nixdorf.

Q What are the latest trends in physical ATM attacks?

A. Two well-known types of physical ATM attacks are explosives attacks, which have troubled financial institutions in Europe and Latin America for years, and hook-and-chain attacks, which are currently extremely popular with would-be criminals in the US

In an explosive attack, criminals use gas or solid explosives and powerful tools to gain access to the ATM safe. Depending on the end device, this can take some time. Once the explosives are inserted, the safe is blown up and the criminals collect the cash and escape in a getaway vehicle.

In a hook and chain attack, criminals attempt to rip open the ATM using a hook and chain attached to a (usually stolen) vehicle such as a pickup truck. Drive-up ATMs are most commonly hit by this attack. After tearing off the Beauty Door, you hook the chain into openings in the vault door and pull it off with the vehicle. As soon as the door is opened, they take out the tapes and flee the crime scene.

Q. What about digital?

A The most common type of data attack on the ATM channel is skimming, but remember that the ATM is not the only point where skimming can occur. It can happen at any point of sale, and recently a much more common target is at the pump. In a skimming attack, a third-party device is installed on an ATM to capture data from a loyalty card’s magnetic stripe. While the device’s location can vary, the key feature of a skimming device is the presence of at least one magnetic read head – meaning bank cards remain vulnerable as long as they still have a magnetic stripe.

There are also other types of data attacks such as shimming and eavesdropping. In all cases, attackers attempt to obtain data from the card. As with skimming attacks, the most common way to access this data is to manipulate the card reader: to collect data from the magnetic stripe, the EMV chip or to intercept data being transmitted from the card reader to the PC.

Q. What tactics are there to deal with security, or strategies to mitigate or prevent attacks in the first place?

A In order to protect the physical ATM from attacks, it is crucial to secure not only the ATM itself, but also the entire ecosystem around it:

• Use sensors that can detect forced opening of the chassis and shutters to detect the attack as early as possible. Combined with CCTV, sensor detection gives security and law enforcement agencies more time to react.
• Delay the attack with a reinforced chassis and safe. The more time it takes criminals to get into the ATM, the more likely they are to call off the attack. In developing our new DN Series ATMs, we made security considerations a key priority. This resulted in the banknote path being moved to the top of the safe and positioned in the center of the ATM, removing direct access to the safe, leaving no room to hang a chain and no place to insert explosives.
• Neutralize the target of the attack: the cash in the cassettes. If an attacker manages to gain access, ink-dyeing solutions render the banknotes unusable for the criminals

Here are effective ways to mitigate or prevent skimming and other data attacks:

• EMI chip technology: Encouragingly, in regions where this technology is already widespread, the number of reported skimming incidents has decreased. But there are regions where usage is still comparatively low – and one of those regions is the US. Unsurprisingly, the risk of skimming attacks remains high in the absence of an alternative.
• Diebold Nixdorf’s ActivEdge card reader counteracts skimming by changing the way an ATM card is inserted and read. Current skimming technology relies on the ability to read an ATM card’s entire magnetic stripe when inserted in a short-edge orientation. ActivEdge requires card users to insert their cards long-edge first, making it more difficult for skimmers to grasp the card’s information.
• Encrypting the communication between the card reader and the PC (as well as other components within the ATM) protects against eavesdropping on USB communications and device substitution attacks, also known as Trusted Device Communication.
• In Internal Space Defense, card reader design is critical to preventing the installation of skimmers and shimmers: by leaving limited physical space in the encrypted reader head, you can prevent the installation of an additional reader head.
• A physical barrier – also known as anti-eavesdropping protection – in areas where sensitive information could be exposed can prevent eavesdropping attacks.
• Internal or external skimming detection uses sensors to detect both internal and external skimmers and trigger an alarm or shut down the ATM until the problem is resolved.
• Intelligent anti-phishing defense protects against trapping attacks by holding a captured card in the card reader with increased removal power – it can later be released with a software command.
• Jamming technology used in multi-signal jamming and anti-tapping scrambling protects against external skimming, including more advanced stereo skimming attacks and certain types of eavesdropping.