ATM fraud by the numbers
On Feb. 14, day one of the ATMIA US conference, ATM Marketplace will roll out the 2017 ATM Future Trends report, our biannual examination of advances, opportunities and issues of concern in the global ATM industry.
As in 2015, we are pleased to announce the 2017 publication will be available to all industry members at no cost, thanks to underwriting from Auriga, a provider of software solutions for the retail banking industry.
You can register here to receive an email alert and link to a downloadable PDF of the report when it goes live on our site.
This year's report will offer insights and analysis from our recent survey of ATM owners and operators of every type and size, and representing every major region of the world.
It will also include findings and conclusions from two in-depth consumer surveys — one conducted in the United States and the other in the United Kingdom.
Last, but not least, the report will include commentaries from more than a dozen ATM industry executives, whose contributions lend additional perspective and a real-world view to the future of our industry.
Following is an excerpt from a commentary by Shirley Inscoe, a senior analyst at Aite Group, a research and advisory firm focused on issues in the financial services sector.
Inscoe lays out some eye-opening statistics about ATM fraud and risk as perceived by 63 financial institution executives interviewed by Aite in November. A longer version of this commentary will appear in the trends report.
Organized fraud rings always seek to strike an FI's weakest area to commit fraud. In recent years, many FIs have focused on improving fraud prevention capabilities in the online and mobile channels, and little attention has been paid to ATMs.
In the U.S., ATM skimming is definitely considered the most severe threat, with 68 percent of executives classifying it as a very severe or severe threat.
Cybercrime is seen as the next most critical threat, with 49 percent of executives grading it as very severe or severe.
Sixteen percent of respondents view the physical threat to ATMs as no threat at all; this category is most likely to have a geographic component since this is primarily a big-city problem. Some large FIs that have experienced ATM theft are installing detectors that will send alarms if machines are moved.
Somewhat surprisingly, 78 percent of executives view internal fraud as no threat or low threat; the challenge may be that these FIs do not have adequate detection capabilities in place to uncover internal fraud.
Forty-four percent of executives believe card and cash traps are a moderate threat.
FIs constantly assess their fraud prevention capabilities to detect gaps that need to be filled and to attempt to get one step ahead of fraudsters.
It is a difficult game of cat-and-mouse, with fraudsters definitely having many advantages; committing fraud is their full-time job, and all the monies they steal are tax-free income that can be used to continue to commit more fraud.
Many organized fraud rings are run similarly to a business, with well-defined goals and strategies. Fraudsters also take advantage of technology in many ways, automating their attacks and replacing humans with bots that don’t get a cut of the stolen monies.
Furthermore, using automation allows attacks to be coordinated more easily, without having to recruit as many mules.
Clearly, FI executives are at a disadvantage; while their fulltime job might be to combat fraud or conduct investigations, they also have to deal with responsibilities such as departmental budgets, contingency planning, and regulatory compliance requirements, just to name a few.
There are several technologies that FIs can use to mitigate ATM fraud. Some of these technologies are widespread in other countries but have not yet been widely installed in the U.S.
For example, more than 80,000 biometric ATMs have been installed in Japan since 2006, when legislation was passed in that country requiring banks to pay for fraudulent charges.
Technologies that more than half of executives rate as at least highly effective include skimming prevention/detection (74 percent), biometrics (63 percent), malware detection (62 percent), and ATM system monitoring (60 percent). Cameras were ranked as extremely or highly effective by 46 percent of executives.
ATM fraud losses fluctuate over time, depending on what crimes are targeting the machines. More than half of executives surveyed state ATM losses are up in 2016 compared with 2015; 32 percent state they are up between 1 percent and 9.9 percent, while 23 percent state they are up 10 percent or more.
Losses are down at 27 percent of FIs; 7 percent of executives say their ATM fraud losses are down 10 percent or more, while 20 percent say they are down between 1 percent and 9.9 percent compared with the same period last year. An additional 18 percent of FI executives state that ATM fraud losses are flat compared with last year.
ATM fraud is evolving and is becoming more sophisticated; the fraudsters behind it are becoming increasingly organized. In light of the new ATM fraud challenges being experienced around the world (which will eventually reach U.S. shores), here are a few recommendations for FIs:
Monitor ATM fraud of all types to ensure steps are taken to keep it in check as organized rings increasingly target this delivery channel.
Ensure installed security is updated periodically as threats change, particularly anti-skimming and motion detection capabilities.
Prepare for malware to be used in the United States, because it is certain to migrate eventually. Determine the vulnerabilities present in your current machines as well as the networks your FI participates in.
Consider biometric ATMs as older machines are fully depreciated and replaced. As consumers are becoming more accustomed to taking selfies and using fingerprints to authenticate themselves in other channels, they are likely to appreciate the increased security and convenience of these ATMs.