Jackpotting Attacks Add New Dimension to ATM Security Concerns


Although ATM “jackpotting” has only just recently made an appearance in the U.S, ATMIA security committees and consultants have been devoting significant effort over the past twelve months to update key Best Practices manuals, which will assist U.S. ATM operators in combatting this new threat.  In addition, ATMIA is working with the FBI and cyber-security experts to develop additional anti-jackpotting strategies.

In some ways, the new rash of attacks is surprising, in that it is more complex and represents greater risk for the perpetrator compared to skimming, for example.  Jackpotting is both a physical attack and a malware attack.  It requires forceful access to the ATM’s internal components, followed by the injection of malware, which will cause the ATM to continuously dispense cash.  The U.S. Secret Service issued a cautionary press release about the potential threat on January 26, 2018.  However, American Banker reports that the first instance of jackpotting in the U.S. may have been a known case in Denver last October.

ATMIA members have access to up-to-date Best Practices for both physical security and cyber security.  Relevant manuals include:

Best Practices for ATM Physical Security, Version 3

Best Practices for ATM Cabinet Security and Physical Key Management

ATM Cyber Security Briefing Paper, Version 3

Preventing ATM Malware, Black Box and Cyber-Attacks

Attendees at the ATMIA U.S. annual conference earlier this month had an opportunity to attend a break-out session presented by the U.S.  Secret Service.  In addition to the planned content on anti-skimming, the speaker provided a real-time update on efforts to shut down jackpotting attempts.

“Unfortunately, we have learned from experience that criminals don’t go away when one type of attack or another becomes more difficult or less lucrative,” said David Tente, executive director for ATMIA USA.  “One of the advantages of our global footprint, though, is that when a new type of attack moves into the U.S. market from another region, we already have Best Practices in place – it’s not new to us.”

ATMIA will also issue a fact-based information sheet, compiled with the assistance of the U.S. Secret Service and FBI, within the next week.


Source link