WASHINGTON—A new white paper on ATM attacks has been released by the Financial Services Information Sharing and Analysis Center (FS-ISAC).
Called “Understanding ATM Attacks,” the white paper explains how cybercriminals conduct such attacks and how financial institutions can protect consumers.
The report is a joint effort between CUNA, FS-ISAC, the American Bankers Association and the Independent Community Bankers Association.
“Cybercriminals target ATMs through both physical and computer-based means to steal funds for a cybercrime gang or a nation-state,” the three-page paper reads. “These attacks often occur around holidays in an attempt to circumvent or delay detection. This may involve the creation of fraudulent payment cards at one or more financial institutions.”
Four Types of Attacks
The paper outlines four types of ATM attacks:
- Skimming attacks using devices that may sit on top of the ATM PIN pad and/or card slot or inserted deeply into the card slot. Usually, the information captured from the skimmer and camera is used to create cloned cards
- Shimming attacks are similar to skimming attacks, except that criminals use special mechanisms inserted deeply within the ATM to capture the chip information on newer chip-enabled cards. This information is used to create cloned cards
- Cash-out schemes in which criminals use ATMs either locally or globally to drain funds from multiple accounts held at one financial institution. These attacks use legitimate card numbers that were stolen and involves the manipulation of the account balances and withdrawal limits
- Jackpotting attacks, in which criminals use physical and/or logical methods to force one ATM to dispense all the cash, just like a slot machine
The paper also examines:
- Common misunderstandings about ATM attacks
- Information on how institutions protect consumer accounts
- Steps consumers can take to protect accounts