Fraudsters use a variety of techniques to target customers at your ATMs, and they also leverage hacking to remotely access your information. They’re after both immediate cash and information that they can use to steal identities or sell online. To protect your customers and your financial institution, you need to be aware of the risks of this type of fraud and implement strategies to reduce your exposure.
Most Common Types of ATM Fraud
There are several different types of ATM fraud. Take a look at the most common:
1. ATM Theft
This is when thieves physically steal your ATM. It’s relatively rare. There were only 254 incidents in 2022, but that still represented a 10% increase over 2021. To reduce the risk, keep ATMs inside of your branch, and make sure that drive-through ATMs are set into brick walls or under very good lighting.
2. Card Skimming
This is when criminals install skimming devices on your ATMs to capture card information. They read the magnetic strip on the device and record the card’s number, CVV, and expiration date. Then, when your customers type in their PIN, the skimmer also notes that detail.
In 2022, 161,000 cards were affected by skimming. That’s five times more than the previous year. However, this was not all from ATMs, it was also from skimmers on gas pumps and point-of-sale systems.
To reduce the risk, manually check your ATMs for signs of skimmers on a regular basis. Also, educate your customers about the risks of skimming, and monitor your customers’ accounts for signs of unusual behavior that may signify card theft or account takeover.
3. Shoulder Surfing
This is when a thief steals someone’s PIN by looking over their shoulder or by installing a small camera. Then, they sell the PIN online or steal card details so that they can use the PIN.
Again, educating your customers about the risks is key — put up signage reminding your customers not to reveal their PIN to bystanders. Consider adding plastic barriers around the outside of the ATM to reduce the ability of criminals to see what your customers are doing.
4. Cash Trapping
Cash trapping is fairly simple to carry out, which makes it a significant risk to banks. The thief simply needs to put a thin piece of metal or some tape in the ATM near the cash dispenser. When positioned correctly, this will collect the money instead of dispensing it.
The ATM will say that the cash has been dispensed, but when no money appears, the customer will usually assume that the machine has malfunctioned. After they walk away, the thief will grab the trapped cash and run.
Security cameras are key to preventing this scam. Make sure that your cameras are actively monitored and have a quick response ready for cases where the cameras are blocked. To carry out this scam, a thief only needs a few minutes to prep the machine and enough time for one victim to show up.
5. ATM Malware
Generally, an ATM malware attack must start in person. The thief cuts a hole in the outside of the machine to reveal a USB port. Then, they insert a USB stick and download malware onto the machine. The malware reboots the ATM and adds a hidden menu that only the thief knows how to access.
The thief replaces the cut metal to avoid detection. Then, they wait a few days until the ATM gets restocked with cash. After that, they go to the ATM, access the hidden menu, and have the ATM dispense all of its cash. In some cases, thieves may install malware that allows them to access your entire network of ATMs. Then, they can do this at all of your machines.
Closely monitor your ATMS to ensure that a criminal never has enough time to carry out this type of attack, and be aware that a savvy criminal can easily cut through a machine while making it look like they’re just carrying out a longer-than-usual ATM transaction. Also, stagger your schedule for adding cash to the machine to make it harder for people to carry out these types of schemes.
Critical Protection Measures
To protect your financial institution from the risk of ATM fraud, keep these tips in mind:
- Put the majority of your ATMs inside branches.
- For use outside of business hours, consider putting ATMs in vestibules that can only be accessed with an ATM card.
- To give your customers wider access to in-network ATMs, consider partnering with local businesses.
- If you must install ATMs outside, put them in well-lit areas.
- Monitor your customers’ accounts for signs of unusual behavior.
- Invest in ATMs with advanced security features.
- Make sure to use all of the security features on your ATM — don’t use default passwords, for example.
- Encourage your customers to use unique PINs and to avoid easy-to-guess numbers like their birthdates.
- Educate your customers about not using ATMs if they see anything suspicious around them.
Also, make sure that you’re making the most of anti-fraud technology. That includes ATM technology such as machines that read data from EMV chips instead of mag strips. It also includes physical measures such as safe positioning, good lighting, and updating your ATM’s internal software.
Beyond that, you need fraud detection tools in place that monitor all of your customers’ transactions. If something is out of the ordinary such as a large cash withdrawal in a location where your customer doesn’t usually go, you should seek manual verification that the transaction is legitimate.
Get Help From SQN Banking Systems
To protect your customers from ATM fraud and all other types of fraud, you need real-time solutions that get to know your customers’ patterns and that monitor activity across all payment channels. At SQN Banking Systems, we can help you put together a robust solution designed to protect your bank from the most relevant threats facing your customers.