CONTINUE TO SITE »
or wait 15 seconds

Article

Finding solutions for denomination fraud

Denomination fraud can provide headaches for ISOs, but there are some steps that can be taken at the password security and programming levels to prevent it.

May 11, 2010 by Fritz Esker — Freelance Journalist, Networld Alliance

Thieves hacking into ATMs and committing denomination fraud has become an increasingly popular form of theft in recent years. The good news is there are simple steps that can be easily taken to guard against this fraud.
 
Denomination fraud typically occurs when an individual is able to access the administrative settings of the ATM, often by obtaining the manufacturer's default passcode. Once in administrative mode, the thief makes a change in the system to indicate that a cassette is filled with $1 or $5 dollar bills, as opposed to $20 bills. If the thief makes a request for twenty $1 dollar bills, he ends up with twenty $20 dollar bills.

Most of the time prepaid debit cards are used for denominational fraud. The reason is obvious: If a person uses a card with his own name on it, once the bank catches on to the fraud the thief will be easy to track down. Prepaid cards are easy to buy and do not require background checks or methods of proving the buyer's identity.

"The problem with the prepaid card is there's no person behind the card," said Steven Gernes, vice president and ISO segment manager at Elan Financial Services of Minneapolis, Minn.
Since it is viewed by many to be a "victimless" crime, unlike an armed robbery, some feel there is not much urgency in pursuing culprits.

"From our experience, there doesn't seem to be a good avenue to address it, whether it be through law enforcement or the financial institutions who issue the card," said George McQuain, CEO of Nationwide Money Services of Jacksonville, Fla. "ATM operators are losing money and there doesn't seem to be any recourse."

There are, however, some proactive steps that can be taken to fight denominational fraud. The first is an obvious one that still gets ignored by many: simply change the default password.

"All terminals come with a master password - change it," Gernes said. "The default password is widely known and in some cases is even available on the Internet."

Triton Systems has eliminated published default passwords entirely, says Chuck Hayes, product manager at Triton. When a new customer is setting up an ATM, that customer has to create a master password and no longer has the option to just use the company's default password.

The ATM Industry Association (ATMIA), in a white paper on denomination fraud awareness, advises password changes once a fiscal quarter or, at the very least, every time an employee with access to the passcodes leaves the company. Many times companies make it unclear who is responsible for password security; ATMIA advises business to incorporate clauses into contracts specifically stating who is responsible for password security.

The ATMIA has issued bullet points on denomination fraud security:

  • Change default passcode
  • Change passcode after service visits
  • Change passcode after cash management visits
  • Change passcode after an employee with knowledge of the passcode leaves the company
  • Enable processor to detect denomination changes and shut down ATM
  • Communicate clearly with employees so they know who is responsible for passcode security

Basic programming changes can be made to the ATM as well, Gernes says. The ATM can be programmed so if a transaction comes in and does not match the correct denomination, then the ATM is shut down remotely and will not dispense any cash.

And so far, at least anecdotally, these steps have yielded positive results, according to some industry insiders. Gernes says denomination fraud was very common approximately a year and a half ago, but that he has seen a noticeable reduction as awareness has increased and better security measures have been put in place.

Included In This Story

ATM Industry Association (ATMIA)

The ATM Industry Association, founded in 1997, is a global non-profit trade association with over 10,500 members in 65 countries. The membership base covers the full range of this worldwide industry comprising over 2.2 million installed ATMs.

Request Info
Learn More
Triton Systems

Triton FI based products • NO Windows 10™ Upgrade • Secured locked down system that is virus/malware resistant • Flexible configurations - Drive-up and Walk-up • Triton's high security standards • NFC, anti-skim card reader, IP camera and level 1 vaults are all options • Triton Connect monitoring • Lower cost

Request Info
Learn More

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf
Recent Posts
Eurasian Bank selects Diebold Nixdorf's self-service software
Romanian man arrested for alleged cash trapping ATM scheme
First National Bank to open 30 branches
Replacing the ATM: Pros and cons of new vs. remanufactured
U.S. Bank resumes crypto custody services


©2025 Networld Media Group, LLC. All rights reserved.
b'S1-NEW'