Contactless technology will no doubt be a great help against ATM skimming, in which criminals steal personal information at ATM machines. Not having to insert a card into the ATM removes the opportunity to trap cards and gets around the problem of “foreign” devices being installed that can read your cards. It is suggested that contactless technology, may seem the end of cash and can help make ATMs and cash more secure. Others say that cash will still be in business in the foreseeable future.
Biometrics are increasable being used across the security industry and will no doubt be used increasingly to enhance ATM security. The use of finger, palm, vein, iris and facial recognition all have potential in this respect. China is leading the way in facial recognition. It seems likely that any of these may in the future be used with or without cards, PINs and one-time codes. Clearly the speed of operation in relation to biometrics could ultimately play an important part in their use at ATMs, although some privacy issues will need to be addressed.
One current system to help with security which could become more popular is the ATM vestibule environment and will add security with proper security and surveillance equipment. These ATM vestibules, or lobbies, are installed for good reasons, they are more convenient, round the clock locations means better customer retention for a bank, offering comfort and convenience. 24/7 access to ATMs, night drops, coin counters, inside open bank ATMs, bank online banking kiosks, and other self-service solutions are popular. On the prevention angle ATM vestibules should require card access.
At ATMs, the common banking appliances are being rigged to spit out their entire cash supplies into a criminal’s waiting hands. This is called “ATM jackpotting” and has targeted banking machines located in grocery shops, pharmacies and other locations in Taiwan, Europe, Latin America and the United States. Roughly the total amount of global losses at up to $60 million.
The ATMs in supermarkets and pharmacies tend to be targeted because they may not be as well-protected, and store personnel likely would not know who is authorized to work on the ATM. In contrast, anyone approaching an ATM at a bank location would be more likely to be challenged.
Interesting to know that ATM jackpotting originated as far back as 2010 when a New Zealand hacker and computer expert, demonstrated how he could exploit two ATMs and make them dispense cash on the stage at the Black Hat computer security conference in Las Vegas. Since then, malware has been created and made available on the “Dark Web” that can instruct an ATM to dispense all its cash on demand. ATM jackpotting is a combination of a physical crime and a cyber-attack. A criminal with a fake ID can enter a grocery shop or pharmacy posing as an ATM technician, they can use a lever to open the top of the ATM to gain access to the personal computer that operates the machine.
Once they have access to the computer, they remove the hard drive, disable any anti-virus software, install a malware program, replace the hard drive and then reboot the computer. The whole operation can be done in about 30 seconds. The malware then enables the thief to remotely control the ATM and direct it to dispense all its cash on command.
If a legitimate customer uses the ATM in the meantime, it can operate as usual until activated otherwise by the malware.
What is going to happen next in the ATM criminal world wonder? Is there no end to a criminal’s ingenuity or is it simply, as long as you can make them you can break them?