ATM Crime:
Attacks against ATMs may be classified as either ATM physical attacks or ATM fraud.

ATM Physical Attacks:
ATM physical attacks are normally perpetrated with the intention of gaining access to the cash or other valuable media within the ATM safe or ATM security enclosure. Some of the most common methods include Ram Raid, Explosive Attack (gas and non-gas) and Cutting (e.g. rotary saw, blow torch, thermal lance, diamond drill). The success of ATM physical attacks is often measured by what percentage of the cash is stolen and the speed by which the attack is completed.

ATM Fraud
There are many different categories of ATM fraud. In general ATM fraud can include any deliberate ‘criminal’ technique which involves the use of an ATM to obtain something of value to the perpetrator. The most common types of ATM fraud include Card Theft (e.g. Lebanese Loop) , PIN Compromise (e.g. Shoulder Surfing), Card Skimming, Cash Trapping, Transaction Reversal and Deposit Fraud.

ATM Fraud in more detail:

Card Theft
Card theft is where the perpetrator physically obtains the consumer’s card at or in the vicinity of an ATM. The most common method of card theft is Card Trapping. The most popular method of trapping a card at the ATM is known as Lebanese Loop. A Lebanese Loop is designed to be entered within the card entry slot of the ATM card reader in such a way as it does not prevent the consumer from entering their card, but it does prevent the ATM card reader from ejecting or returning the card to the consumer. The perpetrator can subsequently remove the trapped card once the consumer has departed from the ATM with the belief that the ATM has captured or swallowed their card. Another variant of card trapping is known as the Algerian V trap. Other methods of card theft include card swapping where the consumer’s card is exchanged for a card of similar appearance. This distraction method is often executed at the time that the consumer’s card is being returned or ejected to the consumer following a transaction at the ATM.

PIN Compromise
PIN compromise methods range from the very technically sophisticated to the relatively easy technique known as shoulder surfing. Shoulder surfing involves the perpetrator standing close enough to the consumer to observe the numbers entered on the key pad. A more sophisticated method of observation or surveillance involves the use of a miniature camera which can either transmit the image of the PIN being entered or store the recording within the device. With the increase in the number of mobile phones with video capture capabilities, such phones are adapted to compromise PINs. Keyboard overlays are devices which are designed to look very like the genuine ATM key pad and are fixed on top of the genuine key pad. The Keyboard Overlay will record the numbers entered on the key pad but also permit the genuine keyboard to accept the PIN being entered. Similarly to the use of cameras, the keyboard overlay may transmit the information to a remote receiver or store the information locally. Sophisticated ATM Infrastructure Hacking, Architecture Hacking, Network Hacking, Social Engineering, Phishing and various other methods are also used to compromise PIN codes.

Card Skimming
Card skimming involves making a copy of the information encoded on the magnetic stripe of the card. There are various different types of skimming device designed to be used in different environments, from hand held devices through door access skimmers to miniature card entry slot skimmers. Hand held skimming devices are more commonly associated with card skimming in restaurants and other retail establishments. When used in the ATM environment the perpetrator will either use distraction techniques to temporarily obtain and copy the consumer’s card or sometimes pick the pocket of the consumer. Some ATMs are installed in a controlled environment whereby the consumer is required to swipe a card at the door of the ATM location to gain access. Skimming devices may be attached to or used as a replacement for a genuine door access device.ATM card entry slot skimmers have various shapes and sizes and also vary in sophistication. When installed correctly they allow normal operation of the ATM in that the consumer’s card is entered and returned correctly, however the magnetic stripe is copied by the skimming device. One of the most effective ATM skimming devices is known as the Sofia skimmer. The skills of the perpetrators in modifying the packaging of skimming devices makes them very difficult for the untrained observer to detect.

Cash Trapping
Cash trapping is the term used to describe attacks where the consumer’s cash is trapped and prevented from being presented or delivered to the consumer. The variety of trapping devices is significant, ranging from those which require insertion within the ATM’s cash dispenser through false fronts to well engineered electro-mechanical devices which simulate the removal of the cash by the consumer.

Transaction Reversal
Transaction reversal techniques involve highly skilled manipulation of the ATM during a transaction with the result that the host computer believes that the consumer did not receive their cash and thus re-credits or reverses the transaction. Other variants of transaction reversal involve either collusion with someone within the ATM network or detailed knowledge of the rules governing transaction processing.

Deposit Fraud
Deposit fraud covers a variety of criminal techniques from making false deposits, trapping deposits through skilful manipulation of the deposit accepting device. False Deposit fraud includes exploiting processing rules to draw on funds before they have been verified and officially cleared for crediting to an account. Similar to cash trapping, Deposit Trapping allows the perpetrator to obtain the valuable media prior to it being secured within the deposit terminals safe or security enclosure. Highly skilled perpetrators of deposit fraud may use techniques by which the deposit terminal believes it has received and successfully validated a deposit when in fact it has not.

The above article was written by Douglas Russell, DFR Risk Management Ltd.

ATM security issues and ATM fraud issues often follow some distinct patterns based upon the location of the ATM security attacks or ATM fraud incidents. While accurate reporting of bank ATM security and ATM fraud issues varies considerably by country, the following provides a high level overview of some of the geographical patterns of ATM security and ATM fraud attacks:

ATM fraud issues in the most part involve credit card fraud and debit card fraud. The ATM machine may be the ‘common purchase point’ (CPP) where analysis shows that a significant number of credit cards or debit cards were used genuinely in one specific location prior to detection of subsequent fraudulent transactions. Even when not the CPP, automated teller machines may be the mechanism used to convert compromised credit cards and debit cards into hard cash, so long as the credit card fraud or debit card fraud included compromise of the personal identification number (PIN).

ATM skimming is now common in most parts of the world that have a mature network of ATMs, self-service terminals and point of sale (POS) terminals that accept magnetic stripe based credit cards and debit cards. Most bank ATM security issues and ATM fraud issues involving ATM skimming are the result of criminals attaching an ATM skimmer to the ATM card reader slot. Europe has historically been one of the most targeted geographies for ATM skimming attacks, although the world-wide spread of such ATM skimming fraud has been, and continues to be significant.

ATM deposit fraud which includes both cash deposit fraud and cheque fraud (check fraud) at automated teller machines is one type of ATM fraud that is particularly common in the US where many banks have a culture of crediting and allowing drawings against the deposit prior to manual reconciliation and verification.

ATM hacking should really only be used to describe attacks against the internals of the ATMs software or the ATMs systems security but is commonly used to describe attacks against card processors and other components of the transaction processing network. The US have experienced a number of high profile ‘ATM hack’ attacks against well known credit card and debit card processors. Some of the systems security breaches have included compromise of the PIN in addition to the card data, with subsequent fraudulent spend using cloned credit cards and cloned debit cards at ATMs.

Another ATM fraud issue is ATM card theft which includes credit card trapping and debit card trapping at ATMs. Originating in South America this type of ATM fraud has spread globally. Although somewhat replaced in terms of volume by ATM skimming incidents, a re-emergence of card trapping has been noticed in regions such as Europe where EMV Chip and PIN cards have increased in circulation.

ATM funds transfer fraud is prevalent in Asia. This ATM scam involves criminals tricking victims into using the automated teller machine to transfer money into the criminals account.

ATM security attacks involving physical attacks against the ATM security enclosure are widely spread. ATM explosive attacks although originating and not uncommon in Europe are more prevalent in Australia and South Africa.

ATM ram raid incidents also occur globally but are most prevalent in the US, perhaps partly due to the large number of ATMs deployed in soft-target locations such as convenience stores.

ATM security incidents involving a high degree of precision to gain access to the ATM security enclosure occur globally. The UK and Canada have experienced many such precision ATM security attacks in recent years.

TThe above article was written by Douglas Russell, DFR Risk Management Ltd.