By John Minster, TD Bank
ATM hacking and skimming have been around for some time in various forms. Like bank robberies, they ebb and flow regularly. The latest threat, jackpotting, is not really new but merely a variation of the same threat to ATM security that surfaced in 2010. Jackpotting is a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand. Our goal as security practitioners should be a solution that addresses the threats present today with an eye towards future risk.
It is difficult to point to a date when skimming started. The increase in skimming began around 2008. Overlay skimmers, still in use today, were the threat of the day. Skimmers on the ATM door card reader to capture card data and a camera on the ATM to capture the PIN code were quite effective. The Parabit solution at the ATM door proved successful, but only in the short term. Perpetrators moved inside and started attacking the ATM there. Skimming overlays followed by insert skimmers were the next evolution. Solutions aimed at the specific threat followed suit. For overlays, jammers, jitters, and electromagnetic pulse were options to deal with skimming. For inserts, the solution consisted of a card reader throat just large enough to admit only the card.
Unfortunately, this did not stop attacks and the sophistication increased, with hacking entering the picture. 2010 saw the introduction of malware much like today’s jackpotting. 2012 saw the introduction of the black box. The black box technology drilled holes into the ATM and connected it to the cash dispenser. The device sat, as the name suggests, in a black box on top of the ATM. Hackers would then use a cell phone to dispense cash at will.
The chip and PIN solution arrived on the scene to mitigate the attacks by overlays and insert skimmers. Europe was the first to deploy, effectively pushing this threat to North America. Canada decided to employ chip and PIN next, which pushed perpetrators into the US. 2016 saw the return of the black box and increased skimming in the US. This was followed by other hacking events such as “para scoping,” which attempted to connect to the ATM OS and store customer data for later retrieval.
Today, everyone is at risk for hacking. In the U.S., where chip and PIN is not widely deployed, the country is at risk for not only hacking but skimming as well. Though the threats are numerous, better solutions now exist that best position you for any attack today and tomorrow.
Parabit provides an anti-skim solution that monitors the ATM vestibule door card reader. The card reader’s magnetic stripe has sensors in place to detect when a skimmer is placed on top, triggering an alarm. This solution has its limitations. Heavy rains and snow cause false alarms. Video equipment is necessary to confirm alarms.
Insert skimmers can be deterred by installing throat plates that only allow a card to be inserted.
There are a myriad of solutions for the ATM card reader available and with these solutions, as they say, “you get what you pay for.” Some of these include:
- Jitter motion – The motorized reader brings the card in through an irregular pattern of stops and starts, making it harder to capture the information on the magnetic stripe.
- Jamming – An electromagnetic device creates a field to block a cell phone from connecting to the skimming device or camera.
- Surface tension – A device that senses a skimmer has been placed over the keypad.
There are dozens more as well. As each new threat arrives, a new solution is created; it’s a never-ending circle.
Hacking is an entirely different subject matter. Most of this security should be handled by IT and data security on the customer side. Jackpotting involves removing the ATM hard drive and installing the perpetrator’s hard drive. This allows the hacker to dispense cash from a cell phone at will. One would think that simply monitoring the network for an ATM restart would be the easy solution. However, every time the ATM is opened, settled, filled with cash or repaired, the ATM restarts, and false positives are high.
So, what solutions to install? From a pragmatic approach, securing the ATM and monitoring the ATM is the best solution.
Securing the ATM
Securing the ATM means more than locking the ATM. Attempts to install a better lock have resulted in the perpetrators poking through the ATM speaker to release the drawer latch to the topper. Monitoring the topper through a tamper is more effective. Plunger-type tampers are prone to false alarms; magnets are the better solution. This will require a keypad inside the ATM so maintenance and support can disarm the ATM locally. It should go without saying that safe door contacts and heat detectors are required. Vibration devices should be standard fare along with tamper devices for securing the ATM.
Monitoring the ATM
Securing the ATM should be a multi-faceted approach. Tampers aren’t enough; verification of alarms will be prudent in reducing the likelihood of false alarm dispatch. Tampers connected to a VMS would be ideal so that notification to a SOC or mobile device can be used for verification. The next logical step is introducing analytics. Vagrant analytics can not only be used to detect vagrants, but also perpetrators attacking ATMs. Other analytics can be deployed as well, such as alerts for cash harvesting. As you build out cameras and technology, you create a platform for machine learning in the future. Artificial Intelligence will also provide the tools needed as skimming and hacking evolve.
One thing to keep in mind with any of these solutions is the implementation of meaningful technology. Investing large sums for server-based analytics isn’t in anyone’s best interest. Tamper alarms and a program for managing the alarm are meaningful and cost-effective. Analytics that are at the edge, in the camera, are fast, efficient, and allow future growth. Solutions that look to the future are what is best for the customer.
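As an added illustration (not part of the original article or any vendor's product), the sketch below triages ATM restart events against topper tamper alarms and local keypad disarm state, so that routine service restarts do not raise alarms while a restart on an armed, tampered ATM is sent for video verification. The event names, the 15-minute window and the three verdicts are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (timestamp, ATM id, event type); not real alarm data.
EVENTS = [
    ("2024-03-01 09:00", "ATM-A", "keypad_disarm"),
    ("2024-03-01 09:10", "ATM-A", "topper_tamper"),
    ("2024-03-01 09:12", "ATM-A", "restart"),
    ("2024-03-01 09:40", "ATM-A", "keypad_arm"),
    ("2024-03-02 02:14", "ATM-B", "topper_tamper"),
    ("2024-03-02 02:21", "ATM-B", "restart"),
    ("2024-03-03 04:30", "ATM-C", "restart"),
]

TAMPER_WINDOW = timedelta(minutes=15)  # assumed correlation window


def triage_restarts(events, window=TAMPER_WINDOW):
    """Classify each restart by the tamper and keypad state that preceded it."""
    disarmed = {}     # atm -> True while service staff have disarmed it locally
    last_tamper = {}  # atm -> time of the most recent topper tamper while armed
    results = []
    # Timestamps are zero-padded, so sorting the tuples orders them by time.
    for stamp, atm, kind in sorted(events):
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        if kind == "keypad_disarm":
            disarmed[atm] = True
        elif kind == "keypad_arm":
            disarmed[atm] = False
        elif kind == "topper_tamper":
            # A tamper during an authorized service visit is expected; ignore it.
            if not disarmed.get(atm, False):
                last_tamper[atm] = when
        elif kind == "restart":
            if disarmed.get(atm, False):
                verdict = "expected-service"      # restart during local disarm
            elif atm in last_tamper and when - last_tamper[atm] <= window:
                verdict = "alert-verify-video"    # armed + recent topper tamper
            else:
                verdict = "review"                # armed, no tamper correlation
            results.append((stamp, atm, verdict))
    return results


if __name__ == "__main__":
    for row in triage_restarts(EVENTS):
        print(*row)
```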
The Path Forward
While the effort to thwart ATM attacks may be overwhelming, a multi-front approach will provide the best solution today and tomorrow. Threats evolve and change as time goes by and trying to prevent any single threat only stops that attack today. You are still vulnerable to other attacks tomorrow. Look for solutions that reduce risks on a bigger scale instead of one-offs. A program of securing and monitoring the ATM provides a platform for all threats and attacks, today and tomorrow.