Jackpotting attacks add new dimension to ATM security concerns
ATMIA recommends review of relevant Best Practices and increased vigilance
SIOUX FALLS, SD (February 20, 2018) — Although ATM “jackpotting” has only just recently made an appearance in the U.S, ATMIA (the ATM Industry Association) security committees and consultants have been devoting significant effort over the past twelve months to update key Best Practices manuals, which will assist U.S. ATM operators in combatting this new threat. In addition, ATMIA is working with the FBI and cyber-security experts to develop additional anti-jackpotting strategies.
In some ways, the new rash of attacks is surprising, in that it is more complex and represents greater risk for the perpetrator compared to skimming, for example. Jackpotting is both a physical attack and a malware attack. It requires forceful access to the ATM’s internal components, followed by the injection of malware, which will cause the ATM to continuously dispense cash. The U.S. Secret Service issued a cautionary press release about the potential threat on January 26, 2018. However, American Banker reports that the first instance of jackpotting in the U.S. may have been a known case in Denver last October.
ATMIA members have access to up-to-date Best Practices for both physical security and cyber security. Relevant manuals include:
Best Practices for ATM Physical Security, Version 3
Best Practices for ATM Cabinet Security and Physical Key Management
ATM Cyber Security Briefing Paper, Version 3
Preventing ATM Malware, Black Box and Cyber-Attacks
Attendees at the ATMIA U.S. annual conference earlier this month had an opportunity to attend a break-out session presented by the U.S. Secret Service. In addition to the planned content on anti-skimming, the speaker provided a real-time update on efforts to shut down jackpotting attempts.
“Unfortunately, we have learned from experience that criminals don’t go away when one type of attack or another becomes more difficult or less lucrative,” said David Tente, executive director for ATMIA USA. “One of the advantages of our global footprint, though, is that when a new type of attack moves into the U.S. market from another region, we already have Best Practices in place – it’s not new to us.”
ATMIA will also issue a fact-based information sheet, compiled with the assistance of the U.S. Secret Service and FBI, within the next week.
About ATMIA
ATMIA is the leading non-profit trade association representing the entire global ATM industry. ATMIA serves more than 10,000 members from over 650 participating companies in 70 countries spanning the whole ATM ecosphere, including financial institutions, independent ATM deployers, equipment manufacturers, processors and a plethora of ATM service and value-added solution providers. ATMIA provides education, advocacy and connections to help its members keep abreast of industry news and developments; increase knowledge and professionalism; improve operational efficiencies; understand and influence regulatory processes; participate in the local, regional and global ATM community; and forge new relationships to advance their businesses. Founded in 1997, ATMIA has active chapters in the United States, Canada, Europe, Latin America, Asia-Pacific, Asia, Africa, India and the Middle East focusing on the unique needs and issues of each region. For more information, please visit atmia.com. Follow us on LinkedIn, Twitter, Facebook or YouTube.
