Automated Teller Machines aka ATM have managed to bring a good amount of convenience into our lives. With its installation at every corner in the town, you could suffice your need to make a deposit or withdrawal even while running errands regardless of what time it is. Even with many online options available today to make payments, ATMs still manage to stay relevant, and useful.
ATM machines are used around the world because they provide the ultimate convenience when banks are out of reach. With millions of transactions performed on a daily basis, it’s a smart decision to provide customers with the ability to withdraw funds at any time.
Despite having the best security access control systems, ATMs are susceptible to attacks. With easy accessibility, ATMs are an attraction for both conventional robbers as well as logical hackers. ATMs at all times have cash in sufficient amounts to lure criminals. Also, they are comparatively not harder to rob than banks as they are mostly unattended which makes gaining physical access easy. And given the number of successful attacks all around the globe, ATM security definitely becomes our main priority to ponder upon.
A wide array of attacks on ATMs are planned which fall either into physical or logical types. Physical attacks include physical removal of the ATM from its place or conducting gas attacks to get access to the safe door. These kinds of attacks are more dangerous simply because it involves damage to the property and the risk of loss of life. Another type of attack uses explosives to get forced access to the safe door of the ATM to take all the cash and are called gas attacks which are quite common in many countries.
Skimming is also very common as it qualifies as an easy option for criminals. Skimmers are attached to ATMs so that all the important data of the previous card swipes are collected and benefited from.
Shimming, a new type of attack is popular these days which uses the insertion of a thin paper-like thing in the card reader to get access to cause damage to the ATM. How do we identify if a particular ATM is being shimmed? While inserting the card into the device if you feel resistance or tightness that can be an indication of usage of shimmers.
Another way of scamming people without the usage of any card or data that is popular among criminals is jackpotting. After getting access to the ATM device, they install malware which makes the ATM in standard mode and the program could take over which results in getting all the cash that ATM possesses.
When the ATM system is compromised using another device and the network system is violated, those are termed under logical attacks. Various kinds of logical attacks are being executed these days either by using black-box or other malware facilities which are easily capable of hampering the ATM security system
What can be done to protect the ATM?
ATM Security systems can be improved with the implications of proper technology to make these attacks happening on the ATM security access control systems take a dip. The primary step should be taken to increase physical security around ATM as a good variety of crimes involve minimal physical access to the ATM.
A constant monitoring of the place via CCTVs is vital for ensuring no suspicious activity takes place. The human component also proves to be crucial. ATMs should have proper physical security accompanied by random checking of machines by employees or technicians at regular intervals. It is more appropriate to install through the wall ATM for increased physical security.
A security access control system that sends an alarm in case of any malicious activity happening should be deployed as it can help in disabling the ATM and gives the scope to stop the fraud from happening. Some ATM security systems even set off multiple alarms in case of any intrusion event which adds more layers to the security like the one provided by Smart I Electronics Systems. The Smart I Alarm panel sends an alert to the central monitoring system and also reflects an alert on the CMS screen in addition to a loud hooter on the site of the event. This level of security is preferred more and proves more effective in terminating the risk of theft. The tamper-proof casing of machines and keypad is essential for proper physical shielding.
ATMs work on complex network systems and a lot of data processing is involved during a transaction. They have an operating system to carry out various functions, Windows OS being the most common one. However, criminals have found ways to exploit vulnerabilities of these systems, and hence logical attacks on ATM technology are rapidly increasing and posing a serious threat. Therefore, proper enhancements in the logical security of ATMs and their implications become vital.
Some of the measures that can help improve ATM security are mentioned below which are also recommended by high-level professionals from this domain.
Ensure proper encryption.
Encryption stands in the way of easy access of sensitive data to an unauthorized person.
Criminals try to read the sensitive data of users to later use them to dispense cash. Hence proper end-to-end encryption of the data is a must. PCI requirements also urge you to leverage encryption technology for safeguarding cardholder’s data over any open or public networks.
Regular Updating of the software.
Poorly updated ATMs are the ones that are most susceptible to logical attacks. To prevent those, regular updating of all the installed software is essential. It also includes time to time download of patches and implementing them. Even a delay of a few weeks can increase your security threat by a serious amount. Regular checking should be made to make sure that the software in use is running up to date and no old version is in use.
Install a firewall.
With time cybercriminals have become smarter and are capable of breaching the entire ATM network to get cash. An integral part of a holistic network protecting strategy is to install a firewall. This ensures a secure connection and blocks any unauthorized traffic on your network.
Define roles for access.
Limiting the access to sensitive data of cardholders makes an important step in decreasing the chances of attack. Roles should be defined properly and the person should get only that much information that enables him in the proper implementation of his responsibilities. The fewer people have access to data, the less is the risk of mishandling it.
Establish password policy.
For every ATM and account, the password should be unique. This makes sure that in case of an attack happening, it is only limited to one ATM and does not lead to the damage of the whole ATM network chain. National Cash Register recommends user passwords to be at least 14 characters long and no two consecutive characters from the user name are allowed. Users should also keep in mind to use ‘difficult to crack’ passwords. Memorizing them and not writing them anywhere is advisable to ensure the complete security of your personal data. It is also necessary to change your password after a certain interval of time.
Conduct regular security tests.
Knowing all these safety measures does not guarantee full protection but proper execution does. Regular testing of the security by professionals is required to detect any loopholes that went unnoticed. Employees or technicians should be given proper information and training for this kind of checkups and address the issues immediately if found. The frequency of these tests should be pre-decided and implemented accordingly throughout the year.
Deploy proper anti-malware/protection software.
Installing good software just adds layers to the security system. Effective protection against malware attacks, alerts on the threat, or memory protection are the advantages provided by proper installation of software. Although choosing the right software is critical which is developed by trustable sources and gives all the required functions.
A great option is available by Smart I Electronics Systems which builds its products with years of research and experience in this field which increases the effectiveness of their products. Their software for ATM security systems has facilities such as multiple alarms, ATM monitoring, real-time response during and after an event, and even more. It also has a continuous self-diagnosis feature which does a self-check to ensure that all the functions are operational which also includes communication between the ATM site and the monitoring room. This just creates a better and safe environment for the ATM against potential attacks and thefts.
What can people do to minimize the risk?
Consumers are also expected to take measures that can help from their side to lower the risk of ATM frauds. A lot of crimes can be saved if the general people are educated about the basic guidelines to keep in mind during a transaction.
ATM robberies often occur after the patron has completed their transaction. Always have your head up and be aware of your surroundings when you leave an ATM. If you feel or sense someone is following you, walk or drive to the nearest open business or where there are a lot of people and call the police. Never tell your access code or PIN to anyone. Never lend your ATM card to anyone; treat it like cash or a credit card
While using an ATM, check for any unusual markings or devices around the keypad or while inserting the card. This could prevent skimming. If you lose, misplace or have your ATM card stolen, notify the card issuer immediately. To make sure no unauthorized payments have been made from your account without your knowledge, try regular checking of your transaction records. And above all, be alert
In the coming years, the ATM security system is definitely going to witness a breakthrough of new levels given the efforts being made by financial institutions which might help in reducing the number of attacks occurring today in different parts of the world.