NCR recently announced an increase in physical ATM and ITM attacks is being seen nationwide across the United States. These physical attacks have included: using heavy-duty vehicles to attack safe doors, use of explosives to breach the safe door, and pull out attacks that remove the ATM or ITM from its base.
Below are security measures and guidance to keep your institution protected against these physical ATM attacks.
ATM Protection Checklist
Protection Against Physical Attacks
- Work with your ATM manufacturer(s) to monitor your machines closely and report any suspicions of tampering (i.e. installing of malware).Reinforce your physical ATM machine and remove areas where hooks could be inserted
- Consider additional physical barriers that helps reduce accessibility to the ATM machine
- Review cash degradation systems that can permanently stain banknotes
- Ensure the anti-theft and security devices on your ATMs are functioning properly to ensure they will go off if a machine is tampered with
- Consider shutting off your ATMs after-hours or linking the ATMs to your power supply outlet so you can terminate the power on these devices, if necessary
- Adjust the settings on your ATMs so that they shut off and disallow withdrawals if transaction limits on the machine have been tampered with or changed
- Consider installing additional security devices on your ATM machines to better prevent fraud exposure:
- Use a high-security lock-set for the hood of the ATM versus the standard locks used on cabinets or lockers
- Install a security hood switch with the ability to monitor & send an alarm call if the ATM hood is opened after hours
- Install a 140dB alarm sounder at the bottom of your ATM machines. This will go off if the hood of the ATM is opened prior to disarming of the machine
- Work with an ATM service provider that has strong security mechanisms and procedures in place
Protection Against Virtual Attacks
- Review current security measures to ensure you are protected against electronic attacks, i.e. strong password requirements, multi-factor authentication, and tokenization
- Implement separation of duties or dual authentication procedures for account balance or withdrawal increases above a specified threshold
- Implement application whitelisting to block the execution of malware.
- Monitor for encrypted traffic (SSL or TLS) traveling over non-standard ports.
- Monitor for network traffic to regions wherein you would not expect to see outbound connections from the financial institution.
If you suspect any fraudulent activity has been attempted on your ATMs: shut the machine off and keep them off until you can verify the machine has not been tampered with. Re-confirm there is no destruction to the hood of the ATM machine. If you have any ATMs on or offsite, do not let your guard down! Educate all of your employees about these fraud attempts. Ask them to stay on high alert and immediately report any suspicions to a specified individual within your financial institution, so you and your ATM vendor can act fast.
Sign up for our newsletter to receive ongoing education on fraud and security risk prevention.