ATMIA US Conference

Preparing ATM networks for the next generation of attacks

Attackers are evolving faster than ever, and defending against them requires more than incremental upgrades. It requires a fundamentally multi-layered approach to security.

Photo: Adobe Stock

May 19, 2026 | Jodi Neiding, VP, Americas Banking, Diebold Nixdorf

Summarize withChatGPTGrokPerplexityClaude

ATM security is entering a new phase defined by higher attack volume, more sophisticated and coordinated criminals and increasingly mobile operations. Financial institutions today face simultaneous pressure across physical, data and cyber domains. Traditional skimming persists, but it now sits alongside malware-based jackpotting, host spoofing, relay attacks and network intrusion techniques that exploit vulnerabilities far beyond the ATM fascia.

I recently hosted a workshop on ATM security at ATMIA's 2026 Annual US Conference, and one message came through clearly: attackers are evolving faster than ever, and defending against them requires more than incremental upgrades. It requires a fundamentally multi-layered approach to security. One that removes single points of failure and assumes that no single control will be sufficient on its own.

Attacks are getting more complex

ATM attacks are no longer isolated or opportunistic. Organized criminal networks are operating transnationally, sharing tools and techniques at speed and executing coordinated campaigns rather than local, one-off attempts. Methods that once took years to migrate across regions are now appearing in new markets within months.

Physical attacks continue to evolve, including explosive entry techniques, drive-up extraction methods and increasingly advanced safe-compromising tools. In some markets, emerging tactics such as cash trapping and explosive attacks are generating new concern. At the same time, data compromise techniques, including internal skimmers, shimmers and relay attacks, have become more difficult to detect without layered defenses.

Yet what dominated discussions at the workshop was not physical attack methodology alone. Polling conducted during the session showed that attendees were especially focused on logical and cyber vulnerabilities. Direct memory access (DMA) attacks, malware-based jackpotting, host spoofing and sophisticated skimming methods were top of mind. Financial institutions are recognizing that as ATMs remain connected to broader banking infrastructure, they inherit new categories of risk. Once a standalone endpoint, the ATM has fully evolved into a node within a much larger digital ecosystem.

The financial consequences extend well beyond stolen cash. A successful attack can trigger infrastructure replacement costs, regulatory scrutiny, customer attrition and long-term reputational damage. In that context, security is not just a fraud management issue; it is a business continuity and trust imperative.

Multi-layer security is no longer optional

The most consistent theme emerging from industry dialogue is the importance of a multi-layered security model. Criminals continuously adapt. When one defensive control is strengthened, they pivot to another vulnerability. A single-point solution simply cannot keep pace.

Multi-layer security integrates overlapping protective mechanisms across physical, software, network and authentication layers. If one control is bypassed, another remains in place. This approach increases detection rates, slows attacker progress and significantly reduces the likelihood of full compromise. It also shifts institutions from reactive loss mitigation to proactive threat disruption.

Prevention technologies are delivering measurable gains when deployed as part of this layered model. Contactless and cardless transactions reduce exposure to traditional skimming and card capture attacks. Advanced anti-skimming readers and internal device detection technologies address both external and embedded fraud devices. Ink protection and cash neutralization systems deter physical attacks by eliminating the economic incentive.

On the cyber front, platform-level intrusion detection, application whitelisting, zero-trust network segmentation and predictive fleet monitoring are helping institutions identify anomalies before they escalate. Behavioral analytics and transaction pattern monitoring provide another layer of defense, flagging suspicious activity in real time.

The key is integration. No single technology defines modern ATM security. Resilience comes from how effectively these layers work together.

Security should enhance the customer experience

Another important conversation during our ATMIA workshop centered on balancing robust fleet security with service quality. Security controls should not degrade the customer experience; in fact, in many cases, they can enhance it.

Contactless payments, cardless withdrawals, QR code authentication and one-time PIN functionality reduce fraud exposure while simultaneously aligning with consumer expectations for seamless, mobile-integrated banking. When deployed thoughtfully, these technologies strengthen both protection and convenience.

There is also an opportunity to involve consumers more directly in the security ecosystem. Institutions can, and should, educate customers about what secure technology looks like and how to recognize suspicious activity. An informed customer base becomes an additional layer of detection, reinforcing the technology itself.

Leveraging compliance as a strategy

One of the most practical recommendations discussed, which resonated strongly with attendees, was leveraging upcoming compliance mandates as a catalyst for fleet security investment.

Regulatory shifts, PCI updates, operating system transitions and other compliance-driven changes create natural funding windows. Rather than viewing these mandates as cost burdens, institutions can use them strategically to secure budget for broader fleet enhancements. When hardware or software upgrades are already required, incorporating advanced security capabilities becomes more financially viable and operationally efficient.

At the same time, institutions should prioritize technologies designed to withstand emerging and future attack types. Retrofitting legacy platforms can provide temporary mitigation, but security-by-design architectures offer longer-term resilience. Building flexibility into ATM platforms enables institutions to deploy new protections without full replacement cycles, reducing lifecycle costs while strengthening defensive posture.

Collaboration as a defensive layer

While technological defenses are advancing, the industry must continue improving collaboration and information sharing. No single institution can defend against modern threats in isolation.

Security intelligence networks, fraud alerts, dark web monitoring and standardized reporting frameworks are accelerating collective awareness. However, there remains room to better educate financial institutions, particularly smaller and mid-sized organizations, about the tools, assessments and threat intelligence resources available to them.

Cross-industry collaboration reduces attacker dwell time and limits the effectiveness of coordinated campaigns. In many ways, collaboration itself has become a core layer within the multi-layered security model.

Designing for the threats of tomorrow

Future-proofing ATM security requires moving beyond retrofits. It demands a design mindset. Security must be embedded into hardware and software architectures from day one, enabling faster deployment of new controls as threats evolve.

Artificial intelligence and machine learning are improving anomaly detection and predictive monitoring. Continuous software lifecycle management reduces exposure to outdated systems. Planning for emerging risks, including longer-term considerations such as post-quantum cryptographic resilience, ensures infrastructure decisions made today remain viable tomorrow.

The institutions seeing the strongest results are those that treat ATM security not as an isolated operational function, but as a component of enterprise risk, customer trust and uptime strategy. CISOs, fraud teams, operations leaders, and executive leadership must align around a unified defensive posture.

The future of ATM security will not be defined by any single innovation. It will be defined by how effectively institutions combine physical protection, data security, cyber defense, compliance strategy and industry collaboration into an intelligence-driven, multi-layered framework.

Attack sophistication will continue to increase. Migration cycles will accelerate. Criminal networks will adapt. In that environment, the most effective defense is a unified mindset: design for resilience, layer for protection, collaborate for intelligence and continuously evolve.

That is what security by design truly means.

Included In This Story

---

Diebold Nixdorf

As a global technology leader and innovative services provider, Diebold Nixdorf delivers the solutions that enable financial institutions to improve efficiencies, protect assets and better serve consumers.

Request Info

Learn More