ATM security – why you need multiple layers of protection

Developments in technology and business practices have helped banks to protect their ATMs more effectively than ever before.

The ATM Industry Association’s (ATMIA) 2016 annual fraud survey found that the proportion of respondents revealing a general increase in ATM crime dropped to 42 percent, from 51 percent in 2015. While this is obviously good news, ATMIA chief executive Mike Lee stressed that “the wide range of types of attack, as well as the technologies and tools used by fraudsters” remains a major challenge.

This emphasises the fact that one of the most testing aspects of ATM security today is the need to fight on several fronts. It is now crucial to have multiple layers of protection across your self-service network.

Physical protection

Fraudsters are becoming more and more sophisticated in their methods, but that doesn’t mean old-fashioned brute-force attacks are no longer a threat. A machine full of cash will always be an attractive target for criminals, so protecting against ram raids and other physical threats should always be a priority.

There are various ways of shielding your ATMs against such attacks. One approach is to use plinths or anchors to make your machines as physically secure as possible. GPS technology can prove particularly helpful in tracking the location of an ATM that is removed from its installed site.

Card and cash protection

Methods used by criminals targeting ATMs are designed to compromise the cards (and data) customers insert into the machine or the cash contained within. Despite the accelerating rollout of EMV, there is still valuable data to be gained from a card’s magnetic stripe, so effective anti-skimming technologies for ATMs are essential.

You can also protect against card trapping and cash trapping – where criminals fit physical devices to ATMs to trap a customer’s card or cash inside the machine – with measures such as strengthened shutters.

Logical protection

Modern ATMs are becoming increasingly reliant on cutting-edge software to function effectively. As a result, logical attacks are posing a bigger threat to self-service networks, with cybercriminals using malware to infect machines and access customer data.

It has become absolutely vital for banks not only to be aware of this modern threat, but to take action against it. One way of strengthening logical protection across your self-service network is by deploying software security solutions that prevent unauthorized code from running on your ATMs.

Fraud protection

Checks are not as common as they once were, but ATMs with the capability to accept check deposits still need security measures to protect against deposit fraud. Criminals make fraudulent deposits by entering counterfeit checks that look authentic.

Banks can protect against this by using systems designed specifically to validate signatures on checks and make accurate decisions on whether to accept or reject the deposit.

Future protection?

In the coming years, we will see a number of new technologies coming to the fore that will protect ATMs against various forms of attack.

One particularly exciting area of innovation is biometric authentication, a technology that is already becoming prominent in payments. ATMs that are capable of using biometric data to verify a customer’s identity offer another layer of fraud protection for banks and their customers.

There is also strong potential in contactless withdrawal, either by card or smartphone. If the customer doesn’t need to physically enter their card into the machine, there is no risk of skimming of trapping.

It’s true that fraudsters still pose a big risk to ATMs, but with exciting technologies like these already in use and further innovations on the horizon, banks and their customers are better protected than ever.


Image: iStock/matthewennisphotography

Written by Dena Hamilton

Dena Hamilton

Dena is NCR's Director of Enterprise Fraud & Security Software Solutions. She specializes in fraud, risk, compliance and security, with over 35 years of experience in the financial services space. Her focus is the development and deployment of enterprise financial crime solutions optimized in prevention, detection and back office efficiency.

Read more articles from Dena Hamilton