One of the favorite target of hackers is the bank ATMs spread around the country. Read on to know how vulnerable are ATMs worldwide?
Last year, hackers stole $3 million from a Bangladeshi bank using similar tactics. In another incident, on ‘Black Sunday’ in August 2018, more than 50 people lost over Rs 20 lakh. In the 2017-18 period, a few Indian banks lost about Rs 120 crore in just over a few hours in the form of fraudulent withdrawals from about 15,000 ATMs. Even worst is the case of a hacker ring penetrating a data centre serving multiple banks, millions of dollars of retail savings could be lost to the malicious elements.
With the exponential growth of ATMs in the banking sector, one has to know the security vulnerabilities associated with the ATMs. Such precautions helps to ensure more accountability among vendors and stakeholders and also enable quick fraud-detection. Possibly many similar incidents would have gone unreported, for fear of the banks being blamed for supervisory negligence.
About five or six years ago, a restaurateur in the American state of Tennessee, along with his associate, withdrew more than $400,000 in $20 bills around Nashville over a period of 18 months. Using a special button sequence and some insider knowledge, they allegedly reconfigured ATMs to believe they were dispensing $1 bills, instead of the twenties actually loaded into cash trays.
The vulnerabilities of ATMs can be illustrated in numerous such instances.
There are cases of robbing bank ATMs remotely involving remote-controlled malware, almost remote i.e. using a Bluetooth keyboard and physical hacking. Instances of ATM jackpotting where the exploitation of physical and software vulnerabilities to get the machines to dispense cash is also a cause of worry for the banking sector.
Easy availability of cheap, high-tech skimming devices are some of the major reasons for ATM frauds around the world. Skimer, a Trojan able to steal funds and bank card data, was introduced in 2009. Micro cameras are also sometimes placed either above the keypad or where bank forms are kept. They capture PINs, which enables card-cloning for fraudulent cash withdrawals.
Login attacks have become increasingly popular among cybercriminals since 2009, through other malware families, including GreenDispenser, Alice, Ripper, Radpin and Ploutus, among others.
Enhancing ATM Security
ATM security can be enhanced by increasing awareness, tightening security measures, and incorporating new technologies for security. Several bank customers are careless; they use overly simple and non-random PINs (such as date of birth), and do not change PINs periodically, compromising security. The implementation of chip technology to prevent card skimming has been successful in many places.
Financial institutions have been experimenting with viable implementation of biometric-enabled authentication systems for their customers. Banks in Japan, for example, have widely deployed biometric-enabled ATMs using fingerprint or finger vein scans. Citigroup in the US attempted to use iris scans of customers. In such cases, the ATM communicates with the bank server by encryption and decryption of biometric information only. However, privacy might be a serious issue for biometrics-enabled ATMs, and the system should comply with the law of the land.
Also, cardless ATMs are now coming in the domain. So, the dynamics of ATM usage is being changed with added security features.