How do you stop a $45M ATM heist?

By Kevin Christensen

As more details of the $45 million international ATM heist begin to surface, ATM operators and their financial institution partners are learning more about the importance of third-party vendor management practices and fraud prevention strategies. With millions of prepaid cards issued worldwide and consumer demand for the cards reaching all-time highs, it's clear that regardless of their format — debit, credit or prepaid — all cards have become extremely valuable to crooks.

What makes this heist unique, however, is the sophisticated strategies employed by the criminals themselves, or more appropriately, the cybercriminals. To pull off their multi-million dollar assault, these virtual gangsters had to breach several different processing systems through presumably several different layers of controls. Not only were they able to use card numbers and PINs associated with compromised prepaid accounts; they also gained access to the processor systems that manage ATM withdrawal limits on those accounts. This allowed the fraudsters to raise limits, helping them increase the velocity of cash withdrawal.

As processors shore up their systems against cybercrime, ATM operators and their FI partners want to know what they can do now to protect themselves and their cardholders. To help prevent another incident similar to the recent heist, FIs should employ proper vendor management programs, implement controls at both the ATM and card authorization systems and continue to educate themselves and their customers. Below are several strategies for doing exactly that.


Vendor management and security reviews

  • Annually review critical service providers (e.g., data processors) and ensure they adequately demonstrate proper security controls. Review available audit reports (e.g., SSAE 16, PCI Data Security) and information security programs to understand the companies' commitment to securing data. Ensure that they are maintaining maximum security settings for hardware, operating systems and applications. 
  • Ask for frequent updates from processing partners on how they are adapting to emerging threats. If the information raises any red flags, follow up with the organization to ensure they are being fully addressed. 
  • Review the FI's own controls surrounding security changes. Only grant access to employees who absolutely need it to perform business duties.

At the ATM

  • Mount surveillance cameras at various locations around ATMs to help capture close views and angles. Many of today's systems are also capable of advanced protection, such as detecting long time intervals for a single user and linking video footage to a specific transaction. Surveillance footage was an important aspect of the recent heist investigation, and a visible camera presence could encourage criminals to bypass a terminal.
  • Disable or remove unused and unnecessary services, such as remote ATM access, and ensure that the ATM is using the latest operating system and application software.

Card and authorization systems

  • Educate yourself on EMV. Globally, more countries are shifting away from mag-stripe cards in favor of the less vulnerable chip cards — or EMV cards as they are more commonly called. As EMV-enabled cards become more prevalent, thieves and cybercrooks will find counterfeiting to be a crime of the past. That's because duplicating EMV chip cards is nearly impossible.
  • Engage card-blocking systems to help stop fraud before it becomes widespread. Fraudsters have studied and tested the world's detection systems (both new and emerging), and many have learned exactly how to fly under the radar. Particularly in the case of ATM flash fraud, immediate card-blocking technology has become critically important to stemming financial losses quickly.
  • Leverage the power of ATM terminal profiling. This technology watches for multiple transaction requests from the same machine. The system compares that incident with the protected ATM's normal activity and scores the transaction accordingly. High scores trigger action, such as fraud analyst review or an automatic decline, depending on the FI's unique fraud strategies.
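
The terminal-profiling logic described in the last item can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the terminal and card IDs, the thresholds, the one-hour window and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

WINDOW = timedelta(hours=1)
REVIEW_SCORE, DECLINE_SCORE = 3.0, 6.0  # assumed thresholds; each FI tunes its own

def build_profiles(hourly_history):
    """Map terminal -> (mean, stdev) of its normal withdrawal requests per hour."""
    # Floor the stdev at 1.0 so a very steady terminal does not alarm on one extra request.
    return {t: (mean(c), max(pstdev(c), 1.0)) for t, c in hourly_history.items()}

def score_requests(requests, profiles):
    """Score each (timestamp, terminal, card, amount) request against its terminal's profile."""
    recent = defaultdict(list)  # terminal -> request times still inside WINDOW
    scored = []
    for ts, terminal, card, amount in sorted(requests):
        recent[terminal] = [t for t in recent[terminal] if ts - t < WINDOW] + [ts]
        # Assumption: a terminal with no profile is scored against a baseline of zero.
        mu, sigma = profiles.get(terminal, (0.0, 1.0))
        score = (len(recent[terminal]) - mu) / sigma
        if score >= DECLINE_SCORE:
            action = "decline"
        elif score >= REVIEW_SCORE:
            action = "review"
        else:
            action = "approve"
        scored.append((terminal, card, round(score, 2), action))
    return scored

def constructed_sample():
    """Constructed data: ATM-001 normally sees about 5 requests/hour, then 12 in 24 minutes."""
    history = {"ATM-001": [4, 5, 6, 5, 4, 6, 5, 5]}
    start = datetime(2024, 1, 1, 2, 0)
    burst = [(start + timedelta(minutes=2 * i), "ATM-001", f"CARD-{i % 3}", 800)
             for i in range(12)]
    return history, burst

if __name__ == "__main__":
    history, burst = constructed_sample()
    for row in score_requests(burst, build_profiles(history)):
        print(row)
```

On the constructed burst, the first seven requests are approved, the next three are routed to analyst review and the last two are declined, which mirrors the review-or-decline split described above.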

Information exchange and education

  • Because ATM-hopping is a strategy frequently employed by fraudsters, particularly members of ATM crime rings, it's important to monitor the various fraud alert information networks. Numerous organizations provide regular information and information exchange mechanisms to help actively share fraud characteristics and incidents.
  • Go beyond ATM terminal and system protection to educate cardholders and customer service representatives about skimming and social engineering scams. While it appears as though the heist criminals obtained PINs through system compromises or hacking (and not through skimming), other fraudsters are actively engaging in both cardholder- and customer representative-facing attempts to obtain or change PINs.

Card fraudsters are well aware of the country's impending switch to chip cards, which is why many analysts predict that card compromises will increase as we creep closer to the migration of U.S. payment systems to the EMV standard. Hackers, too, are only getting better at system compromises. ATM operators and their FI partners must stay on top of their processor partners to understand how they can collaborate for the best possible protection against this growing problem. 

Kevin Christensen is vice president of audit at Shazam, where he oversees audit and compliance programs as well as the company's risk management program, which includes fraud operations and chargebacks. Christensen's blog appears regularly on ATM Marketplace.

User Comments
    You have missed the most obvious solution - GET RID OF THE MAGNETIC STRIPE TECHNOLOGY. This is the security weakness, as it allowed numerous cloned cards to be used.
  • Gerhard Schwartz
    In the very early days, ATMs were offline and ATM fraud was very easy - crooks manipulated the mag stripe (with the help of simple devices like the Commodore C64), so they could run from ATM to ATM and retrieve a lot of money in a short time. But this weakness was completely fixed already back in the 70's by introducing online authorization. At that time, those authorization systems all were very secure - ATM hopping was unheard of for several decades. It only returns now, as apparently some operators of authorization systems started to introduce cheaper systems based on PC technology - which of course come with the related vulnerabilities. It may be worthwhile to visit the NIST vulnerability database at to find out how many thousands of known security holes there are in Windows and Linux. Using such platforms for highly critical tasks like ATM authorization would just be asking for trouble - so as part of regular precautions, it may be worthwhile to ask your service provider on what kind of platform his authorization system is implemented.
  • Chandra Narayanan
    virtual cards and dynamic PIN could reduce such frauds
  • Gerhard Schwartz
    ... but are highly impractical for average users and also, just expensive patchwork trying to cure the symptoms. The real solution is to avoid vulnerable platforms for authorization systems. This has worked nicely for decades ... crooks were forced to resort to cumbersome small scale crime (ATM skimming), but could not commit big scale crime by hacking into authorization systems.