ATM security issues and ATM fraud issues often follow some distinct patterns based upon the location of the ATM security attacks or ATM fraud incidents. While accurate reporting of bank ATM security and ATM fraud issues varies considerably by country, the following provides a high level overview of some of the geographical patterns of ATM security and ATM fraud attacks:
ATM fraud issues in the most part involve credit card fraud and debit card fraud. The ATM machine may be the ‘common purchase point’ (CPP) where analysis shows that a significant number of credit cards or debit cards were used genuinely in one specific location prior to detection of subsequent fraudulent transactions. Even when not the CPP, automated teller machines may be the mechanism used to convert compromised credit cards and debit cards into hard cash, so long as the credit card fraud or debit card fraud included compromise of the personal identification number (PIN).
ATM skimming is now common in most parts of the world that have a mature network of ATMs, self-service terminals and point of sale (POS) terminals that accept magnetic stripe based credit cards and debit cards. Most bank ATM security issues and ATM fraud issues involving ATM skimming are the result of criminals attaching an ATM skimmer to the ATM card reader slot. Europe has historically been one of the most targeted geographies for ATM skimming attacks, although the world-wide spread of such ATM skimming fraud has been, and continues to be significant.
ATM deposit fraud which includes both cash deposit fraud and cheque fraud (check fraud) at automated teller machines is one type of ATM fraud that is particularly common in the US where many banks have a culture of crediting and allowing drawings against the deposit prior to manual reconciliation and verification.
ATM hacking should really only be used to describe attacks against the internals of the ATMs software or the ATMs systems security but is commonly used to describe attacks against card processors and other components of the transaction processing network. The US have experienced a number of high profile ‘ATM hack’ attacks against well known credit card and debit card processors. Some of the systems security breaches have included compromise of the PIN in addition to the card data, with subsequent fraudulent spend using cloned credit cards and cloned debit cards at ATMs.
Another ATM fraud issue is ATM card theft which includes credit card trapping and debit card trapping at ATMs. Originating in South America this type of ATM fraud has spread globally. Although somewhat replaced in terms of volume by ATM skimming incidents, a re-emergence of card trapping has been noticed in regions such as Europe where EMV Chip and PIN cards have increased in circulation.
ATM funds transfer fraud is prevalent in Asia. This ATM scam involves criminals tricking victims into using the automated teller machine to transfer money into the criminals account.
ATM security attacks involving physical attacks against the ATM security enclosure are widely spread. ATM explosive attacks although originating and not uncommon in Europe are more prevalent in Australia and South Africa.
ATM ram raid incidents also occur globally but are most prevalent in the US, perhaps partly due to the large number of ATMs deployed in soft-target locations such as convenience stores.
ATM security incidents involving a high degree of precision to gain access to the ATM security enclosure occur globally. The UK and Canada have experienced many such precision ATM security attacks in recent years.
TThe above article was written by Douglas Russell, DFR Risk Management Ltd.