The US Secret Service is warning financial institutions that jackpotting attacks – where ATMs fraudulently dispense cash – are now a risk in the US, according to Krebs on Security. Two cybersecurity experts with VASCO Data Security (which serves more than 10,000 customers and helps more than half of the top 100 global banks protect their online, mobile and ATM channels) offer perspective.
John Gunn, CMO at VASCO Data Security:
.
.
David Vergara, Head of Global Product Marketing at VASCO Data Security:
Myth 1: It’s easy to see and avoid devices implanted in ATMs for theft
Fact: Criminals use ATM interface components for theft that are custom designed to fit seamlessly into the card readers of specific manufacturers. Some of these appliances can be tough for even a trained specialist to spot quickly and casually.
Myth 2: Chip Cards Fully Stop Hacking
Fact: The launch of chip card technology (EMV) began a decade ago in Europe and has been spreading throughout the world, and has helped cut card fraud, but even EMV can’t always prevent fraud. EMV protections can be circumvented through ultrathin metal or plastic devices installed in the readers, for example.
Myth 3: It takes a sophisticated hacker to steal from an ATM
Fact: It doesn’t take a sophisticated hacker to defraud an ATM. In California, five teens were arrested for putting card data theft devices at three ATMs located in banks. Today, any interested party can become a professional thief in this segment with a modest investment in cash.
Myth 4: ATM security must depend on the customer
Fact: Although some IT and security professionals cite customer carelessness in ATM fraud, the fact is that there is a growing risk vector that has nothing to do with customer mistakes. Researchers have found that IoT devices such as personal smart clocks or pulse physical activity controllers can be used to steal an ATM access code. By collecting hand movement information, researchers could accurately guess passwords and access codes with up to 80% success on the first try.
Myth 5: Thin copy devices or hidden cameras are the only ATM attack strategies
Fact: Bank security professionals need to look at and beyond reader devices and hidden cameras – there’s a new array of ATM fraud technology, such as Bluetooth-enabled devices that install on circuit boards. When fraudulent components are integrated into ATM circuits, thefts can potentially continue for years undetected.