By Richard Broadbent, General Manager – Banking, Wincor Nixdorf UK/I
This year marks 50 years since the introduction of the first ATM, which was put into use by Barclays in its Enfield branch in north London on 27th June 1967. Technology has come a long way since this early version of the self-service systems we use today but one thing hasn’t changed – the need for robust security solutions is critical for ATMs around the world.
Official figures show that self-service systems remain a global target for crime. The European ATM Security Team (EAST) has recently reported that the number of logical ATM attacks continues to rise. In the first half of 2016, twenty eight incidents were recorded – up from just five during the same period in 2015. As technology continues to evolve, so does the nature of fraudulent attacks and with the estimated cost of ATM fraud in excess of £32.7 million per year[i], adequate security is vital.
With the demand for cash set to remain strong, ensuring the integrity of the self-service channel is crucial to preserving good customer service, encouraging loyalty and maintaining a positive brand reputation.
So what can financial institutions do to make sure they are protected from physical, fraudulent and logical attacks?
Security starts with understanding both the measures that are currently in place and the potential vulnerabilities that exist within the network. However with the nature of security threats varying widely, knowing where to start can often be a challenge in itself. A good starting point is to break down the different types of threats and map these against existing security.
By performing a vulnerability assessment to identify potential gaps within their networks, banks can begin to make realistic plans for combatting possible risks. Industry intelligence can also provide invaluable information on what is happening in the market now, as well as advice on likely future trends.
Security breaches cause significant disruption to customer service, so putting the right security infrastructure in place is crucial to maintaining what is fast becoming the physical front line of customer service.
Boosting security to thwart threats
It is essential that financial institutions adopt a holistic approach to security, considering not only the system itself but also the infrastructure and eco-system across the entire network. From card compromise to physical attacks on ATM systems, the nature and frequency of attacks can be hard to predict.
However the primary areas of focus that financial institutions and independent deployers should consider are:
- IT security
Europol recently discovered a new breed of malware that targets ATMs and enables hackers with physical access to the device’s ports to make an ATM spit out cash.[ii] As crime has moved from simply stealing payment card numbers to hacks on entire bank networks, financial institutions should ensure that their systems have, at the very least, up to date standard security features in place such as hard disk encryption.
- Physical security
Cash and card crimes are the most obvious and widely reported crimes. From hidden cameras which capture pin numbers to software that copies the card when inserted into the machine – criminal gangs across the globe have developed ways to steal the details necessary to compromise customer’s financial security.
In other instances, simple brute force is used. Backing up to an ATM machine with a heavy-weight vehicle and wrenching it from the building, or blowing up an ATM with gas or other explosives might seem ambitious – but this can, and does, happen. In previous incidents as much as £130,000 has been stolen through attacks on ATMs using explosives[iii]. Criminals target the most vulnerable devices so it is imperative that ATMs, particularly those externally facing, are protected and appropriate measures are put in place.
With annual global credit card fraud expected to exceed $35 million dollars by 2020, fraudulent attacks are common place in today’s society. Physical manipulation and transaction reversal fraud can result in significant losses – with losses due to card trapping, for example, rising by 32% since 2014.[iv] Staying ahead of the threats is therefore crucial to protecting your network, combatting fraud and minimising risk.
But against this landscape of evolving threats, how should financial institutions stay ahead? Utilising carefully selected solutions that combine the latest in banking technology with security expertise built in, is essential. This, alongside industry collaboration, is key to beating criminals and maintaining customer trust.
Given the ever increasing level of sophistication of criminal activity, it is important that financial institutions and ATM vendors work together with their suppliers and partners to build a coordinated plan to protect end-to-end operations.
On a practical level, this means sharing information about the range of criminal threats that exist across the world and using these global insights to inform decisions about security. It also means reporting all suspicious incidents because although one event might not seem significant, when pieced together with other events this can provide an insight into trends that could develop into international threats.
There’s a growing sense across the industry that together we are stronger, and that sharing knowledge is key to protecting our banking systems from compromise. The trend for collaboration is something that is expanding in the UK – the BBA is leading mapping exercises to encourage smaller firms to participate in cyber intelligence sharing[v] and as the political focus on cyber issues increases, the banking sector is becoming proactive in the development of new policies and strategies as seen with the Bank of England’s collaboration with the National Cyber Security Centre.
Stay in control
Modern network technologies and the open nature of the internet are creating an environment where security is an essential part of any ATM network that should be embedded into the foundation of corporate strategy.
Building strong infrastructures around existing ATM networks and ensuring that security remains a key part of operational risk planning are equally important. Staying ahead of crime is crucial in the battle to protect frontline services, and employees and customers can play a key part in this. Educating front line staff to detect and be aware of attacks can help highlight potential threats, which when coupled with frequent communication with customers, can assist with building a more synergistic approach to combatting crime.
One thing is for certain – existing security threats continue to evolve rapidly and new forms of crime will undoubtedly emerge. However as attacks have become more sophisticated, so has the technology available to fight the fraud. It’s up to financial institutions and technology providers to work together to continue the legacy of these self-service systems that have become so integral to how we utilise our money and live our daily lives.
References [i] Based on 2015 statistics: Dossier: ATMs Network in the United Kingdom, Statista (November, 2016) [ii] http://www.securityweek.com/new-alice-malware-drains-all-cash-atms [iii] Dossier: ATMs Network in the United Kingdom, Statista (November, 2016) [iv] European ATM Crime Report (January-December 2015) [v] https://www.bba.org.uk/wp-content/uploads/2014/06/BBAJ2110_Cyber_report_May_2014_WEB.pdf