According to the last survey conducted by the European ATM Security team, card skimming is still the most prevalent crime in 27 European countries. Action has been taken, and 61% of European countries have reported a decrease in card skimming because of the implementation of Europay (EMV technology that's embedded in ATMs requiring two-factor authentication), drastically reducing the risk of stolen credentials.

At the same time, however, we have noted an increase in cash trapping attacks. This is where cash dispensing slots are targeted by fraudsters who replace these ATM components with fake devices.

In the U.S., ATM fraud is expected to increase due to the transition to EMV standards in Europe, Asia, Latin America and Canada, where EMV embedded chip cards are more difficult to counterfeit than magnetic stripe cards used in the U.S. Because of this, many criminal organizations will likely view the U.S. as an attractive target.

ATM fraud has become more sophisticated over the years, and the attacks are highly organized. Investments have been made to develop fraudulent devices that take advantage of trends in terms of components: miniaturization, storage, WiFi communication, and battery life.

Types of ATM Threats

Card & Currency fraud covers attacks conducted to steal cash and/or to steal details of consumers' credentials to produce fake cards for fraudulent transactions.

  • Skimming, still the most common type of attack, uses devices (skimmers) to capture cardholder data from the magnetic stripe, i.e., copying the TRACK2 information on the magnetic stripe of the card. In general a skimming device is installed over the top of the ATM's card reader, and sometimes inside the ATM. The skimmer will capture the card data prior to the ATM card reader, and the data will be stored and transmitted to attackers. Skimming is often combined with other devices, such as cameras and a fake keypad, to capture the PIN number.
  • Card trapping aims to steal the consumer's card so the attacker can use it at a later time. This attack is often combined with the use of other devices such as cameras, and the fake keypad described previously.
  • Currency trapping and fishing are used to steal the cash. This can be through a false dispenser (trapping attacks) or using wires or probes to prevent cash being dispensed (fishing). The attacker will retrieve the cash as soon as the consumer leaves the ATM.
  • Transaction reversal is an attempt to create an error condition at the ATM. This results in a transaction reversal due to the reported inability to dispense cash.
  • Dummy ATMs are ATMs that are bought and set up by criminals. They are installed in areas with high pedestrian traffic for the one purpose of reading consumer card data. These machines are typically powered by batteries or a surrounding power socket.
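
The transaction reversal pattern in the list above can be watched for in ATM journal data by flagging cards that accumulate several dispense-failure reversals within a short window. The following is an added example, not part of the original article; the journal line format, the event name `REVERSAL_DISPENSE_FAIL` and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed journal lines (assumed format, not from a real ATM):
# timestamp, terminal id, masked card, event, amount
SAMPLE_JOURNAL = """\
2024-03-01T10:00:05 ATM017 ****1111 WITHDRAWAL_OK 200
2024-03-01T10:02:10 ATM017 ****2222 REVERSAL_DISPENSE_FAIL 400
2024-03-01T10:09:40 ATM017 ****2222 REVERSAL_DISPENSE_FAIL 400
2024-03-01T10:31:00 ATM022 ****2222 REVERSAL_DISPENSE_FAIL 300
2024-03-01T11:15:00 ATM017 ****3333 REVERSAL_DISPENSE_FAIL 100
2024-03-02T09:00:00 ATM017 ****3333 REVERSAL_DISPENSE_FAIL 100
"""

def parse(journal):
    """Yield (time, terminal, card, event, amount) for each non-empty line."""
    for line in journal.splitlines():
        if not line.strip():
            continue
        ts, terminal, card, event, amount = line.split()
        yield datetime.fromisoformat(ts), terminal, card, event, int(amount)

def flag_reversal_clusters(journal, threshold=3, window=timedelta(hours=1)):
    """Return {card: reversed amount} for cards with at least `threshold`
    dispense-failure reversals inside a sliding `window`."""
    by_card = defaultdict(list)
    for ts, _terminal, card, event, amount in parse(journal):
        if event == "REVERSAL_DISPENSE_FAIL":
            by_card[card].append((ts, amount))
    flagged = {}
    for card, events in by_card.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[card] = sum(a for _, a in events[start:end + 1])
                break
    return flagged

if __name__ == "__main__":
    for card, total in flag_reversal_clusters(SAMPLE_JOURNAL).items():
        print(f"review card {card}: {total} reversed after dispense failures")
```

A single reversal is normal hardware noise, so the check keys on repetition per card across terminals rather than on any one event.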

- Logical / Data Attacks

  • Targeting the ATM's software OS, logical attackers include the authors of a virus and hackers who install malware. The logical attack is still one of the most difficult to detect. The impact can be very high as it will impact and compromise thousands of consumers' data. The logical attacks include malware and viruses.
  • Hackers attempt to install malware in order to violate integrity, confidentiality and authenticity of data transactions. The purpose is to gather cardholder data and dispense cash. Attacks can be either locally or remotely executed. Local attacks are performed through downloading malware, or sniffing communication between card reader and ATM central unit using a USB drive that is connected to the ATM computer. Locking the system will prevent any unauthorized programs from running.
  • Remote attacks target the ATM networks and attempt to compromise the communication with the host. These attacks are more critical because a hacker does not need to open up the ATMs.
  • As ATM technology knowledge becomes widespread, monitoring systems gain access through Web browsers or TELNET, enabling easy access for attackers who can hijack ATM management systems and perform management functions.
  • ATM networks are still vulnerable to attacks similar to those on other IP-based networks. Remote attacks such as eavesdropping, spoofing, denial of service, sniffing and virtual channel theft are almost always carried out by criminal organizations.

- Physical attacks

  • Physical attacks are usually perpetrated to gain access to the cash and valuable ATM components such as the safe, the top hat, presenter and depositor or, in some other cases, the entire ATM. Depending on the component targeted, the attacks can be described as below:
  • Because it contains the cash, the safe is still the first common target. The perpetrator's efforts concentrate on the locks, handles and hinges of the safe. In some cases the top hat is targeted to steal the ATM hard drive or for attaching skimming devices or USB devices to download malware. The presenter and depositor can be subject to attacks where perpetrators attempt to access an ATM's cash sources (deposits). Therefore they will use several methods: cutting, drilling, burning devices (torch), pulling the safe door, using pry bars, bombs and other explosive devices. Other physical attacks will attempt to remove the ATM and move it to another location, ramming the ATM with a car or truck, pulling it using a chain and a car, or lifting it from its foundation with a forklift.

In today's day and age ATM threats are becoming more common than ever. People need to be alert and stay up to date on what is going on around them in order to stay protected from these increasing threats.

Sofiane Chafai is a security researcher for InfoSec Institute Inc. in Elmwood Park, Ill.
