2008: The year of ATM skimming
ATM attacks, malware and software glitches are on the rise, and 2008 will likely be the year industry experts point to as the one when it all came to a head.
June 23, 2009 by Tracy Kitten — Editor, AMC
Locking down the ATM. It's a software precaution the ATM industry has screamed for since the advent of Windows, but some ATM operators and deployers have been slow to heed the advice.
Increasing media coverage of ATM software glitches and malware, which is shadowed by massive data security breaches such as the RBS WorldPay and Heartland Security breaches, has led to increased attention from regulatory bodies and consumer advocacy groups. And all pressures aside, the financial industry itself is concerned, since breaches of any kind damage consumer confidence and adversely affect operating budgets and bottom lines.
In March, when news broke of the card-skimming malware that had attacked a Diebold Inc. ATM in Russia, security bloggers and mainstream media jumped on the story. And more stories followed.
Skimming attacks and ATM software reprogramming hacks continually grab news headlines, and are pushing the ATM industry and its primary players to take more aggressive action, say experts like Sharon Dickie, NCR Corp.'s vice president of marketing for financial services.
"ATM skimming has been very prevalent for a long time, and the awareness has been heightened in other countries, before the U.S.," Dickie said. "But we knew fraud would migrate to the States, and our campaign has been to try to educate our customers and also law enforcement."
As skimming attacks become more common and sophisticated, and as criminals get continually wiser with their ATM reprogramming, domestic ATM operators and manufacturers are closely eyeing the migration of ATM fraud.
"We have been saying for a long time that crime will migrate to the weakest link," Dickie said. "While the mag-stripe remains on the card, the card will always be vulnerable to ATM skimming at some point or another. And as the rest of the world moves to EMV, that is definitely a vulnerable point and is a big issue for the ATM and point of sale in the United States."
Speaking specifically to the malware attack in Russia, Dickie suspects an inside job.
"To get this unauthorized code on the ATM, it needs to be someone who knew what they were doing," she said. "From an NCR point of view, we integrated into our APTRA Security guidelines that lock down the entire ATM — we actually locked it down so that no unauthorized code can run. We've locked it down with Solidcore."
But Diebold officials, responding to the attack in Russia, say the breach was definitely not related to an internal compromise. Rather, it's a reflection, yet again, of the increasing sophistication of international crime rings.
The year of ATM skimming
Jim Pettitt is Diebold's director of ATM-security strategy and planning. He says 2008 was the year of skimming, across the globe.
"This is organized crime, and they are distributing this information and stuff throughout the world," he said. "It's not a small business. Hacking is the starting point. They see if they can get in and then they exploit the terminals from there. We've seen a significant increase in skimming attacks in the last 18 months."
Diebold spokeswoman DeAnn Zackeroff says the Russian breach involved a physical attack on the ATM that was used to gain access to install malicious software. It was not, she says, an attack based on internal knowledge.
"An important take-away: I believe all ATMs are vulnerable to this type of attack," Zackeroff said. "It happened to a Windows-based operating system that was not locked down and the whole industry should be concerned."
Pettitt says the system was not locked down, as is always recommended, but even if it had been locked down, the criminals likely would have gotten in.
"I have a difficult time equating, saying this is the real problem or that is the real weakness," Pettitt said. "To prevent a malware attack, there are layers of security that you put in place. But if there are any security holes open, the ATM is vulnerable."