ATM Security2The ATM crime definitions used by EAST when compiling the statistics for European ATM Crime Reports and Fraud Updates are shown below.  The definitions for ATM Related Fraud Attacks have recently been updated by the EAST Expert Group on ATM Fraud (EGAF).

 

ATM Related Fraud Attacks

ATM Malware - Cash-Out (Jackpotting) / Man in the Middle (MitM) / Software Skimming (SW-Skimming)
DefinitionWithin an ATM malware attack the criminal is able to run unauthorized software, or authorised software in an unauthorised manner, at the ATM PC in order to perform one of the following attacks:
Jackpotting: Targets the control of the dispense function in order to "Cash-Out" the ATM.
MitM: Targets the communication between the ATM PC and the acquirer host system in order to falsify host responses and dispense cash without debiting the criminal's account.
SW-Skimming: Targets card and PIN data in order to create counterfeit cards for subsequent fraudulent transactions.
ExecutionThe criminal installs malware in the ATM software stack either onsite or remotely through the network. Control of the malware is achieved onsite with help of the ATM's PIN Pad or remotely via the network. Onsite installation can be performed by accessing unprotected communication interfaces like USB or by booting an unauthorised operating system.
CharacteristicsThe malware may include features to counter detection, reverse engineering and unauthorised usage. In addition it may include a secure deletion feature.
ATM Deployer ImpactFinancial: If successful, a financial loss will be incurred at the time of a Jackpotting or MitM attack, or at a future point if SW-Skimming.
Operational: May sustain damage; may result in loss of service
Reputational: SW-Skimming or MitM could result in compromise of data and loss incurred by Card Issuers
Card Holder ImpactDepending on the malware type the card holder either sees a normal transaction (SW-Skimming and MitM) or the ATM may be out of service or damaged (Jackpotting).
Black Box
DefinitionBlack Box is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser in order to "Cash-Out" the ATM.
ExecutionThe criminal opens the ATM's top box or makes holes in the fascia in order to connect an unauthorised device and issue the dispense commands.
CharacteristicsThe Black Box must be capable of connecting physically to, and logically driving, the target cash dispenser directly using USB or legacy hardware interfaces. The criminal bypasses the ATM's PC core by disconnecting it and connects an electronic device (unknown box/laptop) directly to the cash dispenser.
ATM Deployer ImpactFinancial: If successful, a financial loss
Operational: May sustain damage; may result in loss of service
Reputational: Nil
Card Holder ImpactNil
Card Shimming
DefinitionShimming is the interception ("passive") and / or manipulation ("active") of information flowing between an EMV card and the chip interface of the card reader.
ExecutionThe criminal inserts the device into the card reader; additionally a PIN compromise device like a camera or PIN Pad overlay is installed; typically both devices will be collected after a period of time
CharacteristicsThe device is inserted inside the card reader and sits between the card's chip and the chip interface of the card reader
ATM Deployer ImpactFinancial: Nil
Operational: May sustain damage; may result in loss of service.
Reputational: Shimming could result in compromise of data and loss incurred by Card Issuers
Card Holder ImpactThe customer experiences a normal transaction and retains the card.
Card Skimming
DefinitionSkimming is the installation of a unauthorised device to capture data from the magnetic stripe of a customer’s card
ExecutionThe criminal attaches the device over the card entry slot, within the card throat, or inside the card reader; additionally a PIN compromise device such as a camera or PIN pad overlay is installed; typically both devices will be collected after a period of time
CharacteristicsThe device will have at least one magnetic stripe read head and will be placed over or within the card entry slot of an ATM or within the card reader itself
ATM Deployer ImpactFinancial: Nil
Operational: May sustain damage; may result in loss of service.
Reputational: Skimming could result in compromise of data and loss incurred by Card Issuers
Card Holder ImpactThe customer experiences a normal transaction and retains the card.
Card Trapping
DefinitionCard Trapping is the unauthorised physical manipulation of an ATM, preventing the card from being returned to the customer
ExecutionThe criminal mounts a device over or within the card entry slot prior to the customer transaction and collects it directly afterwards; the PIN can be gathered via shoulder surfing, cameras or overlays.
CharacteristicsThe device allows the card to pass through, holds it at the point of ejection and resists any ATM mechanical attempts to purge
ATM Deployer ImpactFinancial: Nil - any financial loss will be against the Card Issuing Bank
Operational: May sustain damage; may result in loss of service
Reputational: Could be impacted where customers trust the ATM has safely retained their card later to discover fraudulent activity on their account
Card Holder ImpactNo card returned
Cash Trapping
DefinitionCash Trapping is the unauthorised physical manipulation of a customer's cash withdrawal, preventing customer access to the cash.
It can be divided into External Cash Trapping (Trapping device situated over the cash shutter) and Internal Cash Trapping (Trapping device situated within the cash dispenser).
ExecutionExternal Trapping devices will be mounted prior to each customer transaction and collected directly afterwards.
Internal Trapping devices may be installed by forcing the cash shutter open or where the criminal gains access to the cash dispenser by making a low value transaction on a card they control. Internal Trapping devices may be capable of collecting several transactions in succession before being removed by the criminal
CharacteristicsThe device must be capable of concealing cash and resist any ATM mechanical attempts to purge;
ATM Deployer ImpactFinancial: If successful, a financial loss will be incurred
Operational: May sustain damage; may result in loss of service
Reputational: Could be impacted where customers trust the ATM has safely retained their cash later to discover their account has been debited
Card Holder ImpactNo cash received
Eavesdropping
DefinitionEavesdropping is the installation of an unauthorised device to capture data from the customer’s card
ExecutionThe criminal attaches the device internally at the ATM, typically by penetrating the fascia; additionally a PIN compromise device like a camera or PIN Pad overlay is installed; typically both devices will be collected after a period of time
CharacteristicsThe device uses the legitimate card-reading functionality of the card reader. This is typically achieved via a wiretap which sniffs the card data passing through the card reader, or by connecting to the magnetic read head (or pre-read head) within the card reader.
ATM Deployer ImpactFinancial: Nil
Operational: May sustain damage; may result in loss of service.
Reputational: Skimming could result in compromise of data and loss incurred by Card Issuers
Card Holder ImpactThe customer experiences a normal transaction and retains the card.
Transaction Reversal Fraud (TRF)
DefinitionTRF is the unauthorised physical manipulation of an ATM cash withdrawal which makes it appear that cash has not been dispensed thereby causing a reversal message to be generated
ExecutionThe criminal requires an active payment card approved for ATM usage and with sufficient available funds; they carry out a financial transaction and then physically manipulate the cash presenting sequence, either with or without the use of an unauthorised device. The criminal has gained access to, and removed, the cash yet the ATM perceives that no cash was dispensed and passes a reversal message for the Issuer to complete
CharacteristicsIf executed without a device the criminal needs a level of dexterity and timing in order to be successful. If using an unauthorised device, then similar to Internal Cash Trapping, the device must be capable of retaining cash and resist any ATM mechanical attempts to purge;
ATM Deployer ImpactFinancial: If successful, a financial loss will be incurred
Operational: May sustain damage; may result in loss of service
Reputational: Nil
Card Holder ImpactNil

ATM Related Physical Attacks

Type of CrimeDefinition
Ram Raids / ATM BurglaryThe ATM is attacked and either ripped out (Ram Raid) or the safe attacked in-situ (Burglary). The attacks can be carried out by brute force, or by using explosives or gas.
RobberyThe persons replenishing the ATM are attacked either when moving the cash to / from the ATM, or while conducting cash replenishment activities.
OtherRobbery (other than during cash replenishment), vandalism or cash trapping at the ATM shutter.