ATM jackpotting attacks are a crippling threat to financial institutions and independent ATM depl in any way, ATM deployers can lose a great deal of money in a single attack, depending on the dispenser and denomination of notes loaded.
iStock/wissanu99
By Mark D. Smith, Director of Business Development, MVP Financial Equipment
Recent ATM jackpotting attacks, otherwise known as logical attacks, are a crippling threat to financial institutions and independent ATM deployers. While these attacks do not jeopardize consumer information or funds in any way, ATM deployers can lose a great deal of money in a single attack depending on the dispenser and denomination of notes loaded.
Financial institutions and independent deployers alike should perform a risk assessment on their terminals, especially those in isolated locations. Ensuring hardware and software are not outdated is the first step in avoiding a logical attack. ATM owners can avoid becoming a victim of ATM jackpotting by exploring and instituting these protective measures:
According to a new white paper from MVP Financial Equipment, Increasing Security at the ATM: Counteracting ATM Jackpotting, many of the terminals compromised in jackpotting attacks were still operating on the Windows XP platform. In 2014, Microsoft announced end of life for Windows XP leaving ATMs still using that operating system especially vulnerable without security patches and vital updates. Running unsupported software is not advisable, and many experts suggest upgrading to a Windows 7 or a Windows 10 operating system.
Windows 7 is more secure than XP, however Windows 7 will meet end-of-life in January 2020 leaving many ATM operators in the same situation they now face. Windows 10 is considered the most advanced upgrade on the market with built-in security against cyber threats.
Firmware updates, the software programs that run peripherals, such as the card reader or cash dispenser, is vital to security of the ATM operating system, and should be updated as well as directed by the manufacturer.
Complete protection goes beyond software, firmware and hardware updates. Standard behavior monitoring is built in to the newest operating systems like Windows 10. When used with video or other security sensors, these monitoring features help the terminal sense “non-standard” actions and shut the terminal down to avoid fraudulent activity.
Some companies offer a more comprehensive management solution that includes controlled access management, fraud detection and alerts, profile management to detects changes in hardware or software on an ATM, and real-time, instant status monitoring for any terminal in the network. For large fleets, complete ATM management software is an ideal solution that allows the master user to control service technician access and generate management reports for each terminal in addition to the included security features.
Logical attacks require some degree of system access. Blocking potential access ports and controlling who has access to sensitive components on a terminal, such as the main board and cash dispenser, are strong preventative measure against ATM jackpotting. This can be accomplished by maintaining a database of who has access to top box keys and installing an access management module that allows access for service technicians and other vital personnel via a one-time code. Alarm sensors can also be installed to alert location personnel of ATM access.
Mark Smith is business development director at MVP Financial Equipment, a U.S.-based full-scale ATM refurbishment and parts distribution company.
Sign up now for the ATM Marketplace newsletter and get the top stories delivered straight to your inbox.
Privacy PolicySeptember 9-11, 2024 | Charlotte, NC
 | Copyright © 2024 Networld Media Group, LLC. All rights reserved. |
Already a member? Sign in below.
You may sign into this site using your login credentials
from any of these Networld Media Group sites:
