An automated teller machine (ATM) is an electronic banking device, which allows customers to complete basic transactions without the aid of a branch representative or teller.
Types of ATM Crimes
This category is related to any attempt to rob the ATM of the cash in the safe. Methods of physical attacks include solid and gas explosives, as well as removing the ATM from the site and then using other methods to gain access to the safe. Even personal attack on the user to get hold of money is quite common now-a –days.
Logical Attacks -ATM malware/ cash out attack/ jackpotting:
A cyber criminal can run unauthorized software (Malware), or authorised software in an unauthorised manner to the ATM. They install ATM software stack either onsite or remotely through the network. Control of the malware is achieved onsite with help of the ATM's PIN Pad or remotely via the network. Onsite installation can be performed by accessing unprotected communication interfaces like USB or by booting an unauthorised operating system. The malware may include features to counter detection, reverse engineering and unauthorised usage. In addition it may include a secure deletion feature. Depending on the malware type the card holder either sees a normal transaction (SW-Skimming and MitM) or the ATM may be out of service or damaged (Jackpotting).
Jackpotting: Targets the control of the dispense function in order to "Cash-Out" the ATM.
MitM: Targets the communication between the ATM PC and the acquirer host system in order to falsify host responses and dispense cash without debiting the criminal's account.
Skimming refers to the stealing of the electronic card data, enabling the criminal to counterfeit the card. Consumers experience a normal ATM transaction and are usually unable to notice a problem until their account is defrauded. The card details and PIN are captured at the ATM and used to produce counterfeit cards for subsequent cash withdrawals. It is the number one threat globally but thanks to deployment of anti-skimming solutions, EMV technology and contactless ATM functionality.
A cyber criminal installs a foreign device on an ATM to capture data from a customer’s card. This is typically achieved via a wiretap, sniffing the functionality of the card reader, or connection to a magnetic read head within the card reader. The defining characteristic of an eavesdropping device is the use of the legitimate card reading functionality of the card reader to capture the customer’s card data.
The defining characteristic of a card shimming device is, the data contained on the chip on the customer’s card, typically by placement of the foreign device between the customer’s card and the contacts of the card reader. The placement of a card shimming device by a fraudster enables a number of possible attacks such as capturing magnetic strip equivalent data, relay and other man in the middle attack.
Trapping is the stealing of the physical card itself through a device fixed to the ATM. The card is physically captured at the ATM, and PIN is compromised.
The fraudster jams the ‘Enter’ and ‘Cancel’ buttons with glue or by inserting a pin or blade at the buttons’ edge. A customer trying to press the ‘Enter/OK’ button after entering the PIN, does not succeed, and thinks the machine is not working. An attempt to ‘Cancel’ the transaction fails as well. In many cases, the customer leaves — and is quickly replaced at the machine by the fraudster. A transaction is active for around 30 seconds (20 seconds in some cases), and he is able to remove the glue or pin from the ‘Enter’ button to go ahead with the withdrawal. The loss to the cardholder is, however, limited by the ceiling on withdrawals, and the fact that only one transaction is possible without swiping the card again and re-entering the PIN.
Transaction Reversal Fraud:
TRF involves the creation of an error that makes it appear as though the cash had not been dispensed. The account is re-credited the amount ‘withdrawn’ but the criminal pockets the money. It could be a physical grab (similar to cash trapping) or a corruption of the transaction message.
Most Common Types of ATM Cyber Fraud
Today, the criminals have gotten a bit more technologically sophisticated, with the most common types of ATM “cyber fraud” being:
Cassette Manipulation Fraud – Where the ATM is programmatically altered to dispense multiples of the withdrawal amount with a single cash withdrawal transaction.
Surcharge Fraud – it is the programmatic setting of the ATM surcharge to zero on the attacker’s card.
Confidentiality Compromise – Where the perpetrator gains unauthorized access to ATM system logs and the confidential information stored therein that can then be exploited.
Software Compromise Fraud
In this method they catch all for all other ATM fraud that involves the exploitation of software vulnerabilities so as to manipulate the ATM operation itself.
Out of the above, card skimming remains, by far, the most frequent form of ATM attack and currently represents nearly 95 percent of all losses. However, card skimming can be effectively prevented through the deployment of comprehensive anti-skimming solutions.Card skimming continues to evolve, and criminals are becoming more organized, migrating to the weakest link. Anti-skimming solution helps everyone to reduce risk and protect ATM networks.
ATM Safety Tips
- Keep your card in a safe place
- Do not write the PIN number on the card
- Never allow other people to use your card
- Never tell anyone else your PIN number
- Don’t accept help from strangers at an ATM. Wait until you can ask a bank staff member to help you.
- If someone is standing too close to you at the ATM, ask that person to move away.
- Find another ATM if something looks suspicious at the ATM you intend to use.
- If the ATM swallows your card, report it immediately. All banks display a toll-free telephone number at the ATM for this purpose—write this number down in case you need it.
- Report all lost or stolen cards immediately.
- Keep account, PIN and the bank’s HELP-line telephone numbers in a safe place.