Global ATM Security Threats and Trends
ATM security is constantly evolving as criminals develop new tactics to steal consumers’ money and data. ATMs offer convenient access to cash, yet they can present vulnerabilities that criminals exploit. Here, Brink’s takes a deeper dive into ATM fraud, covering topics such as skimming and money laundering, and advises on how we can help prevent criminal activity.
What is skimming?
‘Skimming’ is a form of fraud that involves stealing card data from unsuspecting ATM users. The sophisticated scale of criminals’ skimming ingenuity has kept pace with modern innovations. The entire process of skimming at an ATM is to capture card data – whether that’s the mag-strip or chip. This stolen information can be used to create counterfeit cards and drain customers’ bank accounts, and with 3D printing technology being so easily accessible, criminals can create a realistic fascia on the front of an ATM, which is often overlooked by the customer.
Practices and procedures used to combat skimming
Security protection is always a moving target, and Brink’s understands that ATM ‘anti-skimming’ technology – a combative term – is a crucial defense mechanism for banks and financial institutions to combat fraudulent attacks.
There are many preventative methods available. On-site cameras can back up evidence retrospectively, and there are specially designed plates or overlays that make it difficult to attach skimming devices to the card reader or keypad. These plates create a physical obstruction that deters criminals and make it more obvious if a tampering attempt has been made. Anti-tamper seals or security labels can also be placed on the ATM; if the seal is broken, it becomes visually evident, alerting users and security personnel of a potential issue.
If criminals spend on a stolen card, the monitoring platforms flag up an anomaly. Even if it seems like a legitimate transaction, systems and algorithms can alert Brink’s to take appropriate measures. It’s important to note that Brink’s are not the only ones monitoring transactions for potentially fraudulent activity; banks and financial institutions also monitor ATM transactions for suspicious activity, so there are multiple layers of transaction monitoring in place.
In addition, data transmitted between the ATM and the bank’s network is encrypted, making it difficult for criminals to intercept. Full encryption is required by Brink’s for all ATM transactions: no transaction is allowed on the network without it. There is always the potential of an attempt to get in the middle of the transaction (such as Man in the Middle attacks), but encryption mitigates this risk. Additionally, an encrypted connection between the mainboard and the dispenser is internal to the ATM to prevent someone physically swapping out components within the shell of the ATM to ‘jackpot’ (dispense all the cash) the machine.
Money laundering
Money laundering is generally defined as engaging in unlawful acts that are designed to conceal or disguise the true origin of criminally derived proceeds, so that the unlawful proceeds appear to have been derived from legitimate sources or assets.
Money laundering is tough to reconcile with reality because of the way in which an ATM operates. As the customer takes money out of the ATM, the machine dispenses the cash, but it is then replaced from the customer’s account, before being cycled back in to replace the money taken from the ATM’s cash vault. If a different flow is inserted into that cycle, money can be laundered quickly and easily.
In most regions, the authorities scrutinize the originating source of the money very closely as it’s relatively easy to create a ‘loop’ that disguises that source.
What Brink’s is doing to prevent fraud
Brink’s has a fundamental policy on money laundering, conducting due diligence at all levels. To combat money laundering, terrorist financing and other illegal activity, Brink’s has implemented various controls, including:
- Conducting due diligence to better understand the potential money laundering and terrorist financing risks presented by Brink’s customers and other counterparties globally, in accordance with AML (Anti-Money Laundering) Laws
- Providing training to employees globally on the prevention and detection of money laundering and terrorist financing
- Reporting unusual customer activity for additional review and investigation by qualified individuals in Brink’s Ethics & Compliance organization
- Conducting internal testing and auditing of Brink’s AML policies and procedures.
- Continuing to maintain and implement controls and safeguards to prevent the use of its operations for money laundering or any activity that facilitates money laundering or the funding of terrorist or criminal activities.
Brink’s has robust monitoring capabilities for security alerts, working with multiple departments to scrutinize what is happening in real time and, in conjunction with third parties and internal teams, we also look at what could happen. Brink’s regularly inspects the ATM locations, so we are proactively analyzing activity at the ATM, not just simply replenishing money in the cash vaults.
How customers can remain vigilant
While ATM providers implement various security measures, customers also play a role in protecting themselves from skimming and fraud. Always be aware of your surroundings and check the ATM for suspicious attachments or tampering before inserting your card. When entering your PIN, use your hand to create a barrier to prevent anyone from seeing the numbers on the keypad. If you notice anything unusual about the ATM, don’t use it and report it to the bank immediately.
In summary
While nefarious methods to commit fraud are becoming ever more sophisticated, Brink’s is continually monitoring ATM devices and implementing countermeasures to prevent fraudulent attacks. Anti-skimming procedures and strategies remains an essential tool to protect consumers and their data, while simultaneously preserving their trust in the bank.
To find out more about how Brink’s ATM Managed Services can protect you and your customers, get in touch.