Rising ATM fraud: Strategies for protecting you and your members

Consumers (and credit unions!), be on alert. ATM fraud – particularly “skimming” – is increasing today. In fact, ATMmarketplace.com recently reported that more than $2 billion in ATM losses are suffered globally each year, a number that is quickly rising. And 98 percent of these losses are due to skimming fraud.

According to Statisticbrain.com, there are approximately 425,000 ATMs today in the U.S., and the majority of them have yet to upgrade to EMV security technology. Without EMV, an ATM is particularly vulnerable to skimming fraud, in which counterfeit magnetic stripe cards are used to withdraw the machine’s cash from an unsuspecting cardholder’s account.

The U.S. Lags Behind in its Migration to EMV

One of the reasons the U.S. remains such a hotbed of ATM fraud is that many other countries around the world have already implemented EMV. As a result, fraudsters are moving away from EMV-compliant locales such as Europe, South Africa and Canada, and instead concentrating their efforts on what they see as a treasure trove of highly vulnerable machines here in the U.S. And this promises to be the case until EMV market saturation reaches a critical mass.

Plus, while the ATM platform itself sits squarely at the scene of the crime, it is not the root cause of today’s ATM skimming crisis. The bigger issue lies in cyberspace, where volumes of stolen card data resides, including tens of millions of records collected by fraudsters during recent mass-merchant security breaches. This account information, available for purchase on the dark web, is loaded by fraudsters onto counterfeit magnetic stripe cards which can function like the real thing, especially when inserted into a non-EMV-enabled ATM.

All of which makes a compelling case for credit unions and other financial institutions to upgrade their ATM fleets with EMV card readers.

So where do U.S. ATMs stand on their journey toward EMV compliance? CO-OP Financial Services estimates that at least 20 to 30 percent of the firm’s client credit unions are on track to implement EMV by October 2016, and that the vast majority of U.S. financial institutions overall will roll out EMV across their ATM fleets by the end of 2017.

Recognizing ATM Risks

There are security measures that members themselves should take, and as a trusted resource for them, you should inform them on best practices. Make sure they know that the most secure ATMs reside within a vestibule at the financial institution itself, and also that utilizing the same machine or location consistently will help them become more familiar with their surroundings.

This is important because they should always examine the ATM and look for anything out of the ordinary before inserting a card. Unusual splash screens or new external fixtures could indicate the presence of skimming equipment, cameras or malware. And if a device looks at all suspicious, they should report it immediately to the credit union, owner of the ATM or directly to law enforcement.

The Importance of Visual Inspections

Credit unions should also have procedures in place to ensure the integrity of their ATMs.  Branch personnel and servicers should regularly conduct visual inspections in compliance with the guidelines established by the Payment Card Industry Data Security Standards Council.

And, if not already underway, it is important to take those first steps toward migrating your ATM fleet to EMV. Financial technology companies, such as CO-OP Financial Services, can assist you through the process.

However, even with all the security that EMV provides, the age of card fraud is far from nearing its end. Historically, when perpetrators of fraud see a door close, they move to another channel. And as EMV adoption continues to make strides across the U.S., we are also experiencing a rise in card-not-present fraud.

So remind your members to be vigilant about all transactions – both card present and card-not-present – and to utilize advanced security tools such as mobile apps for card controls and alerts. With this technology, members can put exacting restrictions on how their cards are used, blocking fraudulent transactions before they are carried out.

In the fight against card fraud, there is no substitute for an informed, aware member. Investing in the right solutions – and then engaging your member base with them – will ensure that you minimize card fraud and the disastrous impact it has on everyone involved.


Terry Pierce

Terry Pierce

Terry Pierce is a Senior Product Manager with CO-OP Financial Services, a Rancho Cucamonga, California-based financial technology provider to credit unions (www.co-opfs.org). Pierce can be reached at terry.... Web: www.co-opfs.org Details