These 5 ATM security tips will help you protect your one and only business asset: your ATM machine. Aside from the machine itself, which cost you a few thousand dollars, that machine houses hundreds of dollars in cash as well as access to consumer data.
To protect yourself, your customers, and the banks, follow these 5 security tips. They’re simple and cost much less than the consequences of an attack.
Potential ATM Machine Security Risks
There are two types of risks you face operating an ATM machine: physical attacks and logical attacks.
Physical attacks involve tampering with the machine itself whether it be vandalism or an attempt to break into the safe, uproot the machine, and access the cash inside.
Logical attacks involve accessing the mainboard and other internal electronics to breach the software or hardware. If successful, logical attackers are able to control the machine or cause it to malfunction therefore giving them access to cash without having to break into the safe.
There are a number of ways fraudsters and scammers can tamper with an ATM machine in order to access users’ card and PIN information. As an ATM owner, check your machine carefully every time you visit it to protect your machine and your customers.
Pinhole cameras can be inserted into ATM machines in order to record users’ PIN numbers. This is why it’s wise to cover the PIN pad with the other hand when using it because, as the name suggests, the camera is not obviously visible. However, loose parts around the card slot or keypad can indicate the presence of a pinhole camera.
Fake fronts are card or cash capture and PIN capture devices. They provide fraudsters with quick access to cash. By attaching an entirely fake front to an ATM machine, fraudsters are able to capture PINs and money.
Skimmers and Shimmers
Skimmers are tools that attach to an ATM’s card slot and secretly capture card details when withdrawals are made. A shimmer is smaller than a skimmer and is used to collect data from a card’s chip.
An unusually bulky card slot indicates that a skimmer is being used. Misaligned or misprinted stickers are another red flag. These indicate an attempt to cover up where a device has been installed.
A Lebanese loop is a device that traps a card inside the machine. When this happens, the ATM will keep asking for a PIN since it can’t read the card. This leads users to believe that the card has been swallowed by the machine, which sometimes happens.
However, in the case of a Lebanese loop, once you abandon the machine, the fraudster then has the opportunity to collect your card. Therefore, if you lose your card inside of an ATM machine, call a technician to retrieve it or immediately cancel the card with your bank and get a replacement with a new card number.
Counterfeit PIN Pad
Counterfeit PIN pads will feel loose, thick, or sponge-like. This is because there is a device on top of the legitimate PIN pad that is capturing the PIN while recording it correctly on the ATM to complete the transaction. This way, users remain unsuspecting because the transaction takes place as usual. Numbers are typically transferred instantly via WiFi to the fraudster to use later.
To protect yourself and your customers from these attacks, follow the following 5 ATM security tips:
5 ATM Security Tips
1. Place Carefully
First, place your ATM machine carefully. Not only should you consider the location of the establishment itself, but also the location within the establishment.
Plan ahead for locations with high crime rates like gas stations, convenience stores, pawn shops, etc. Make sure there are security cameras in the area or provide your own. Cameras not only deter criminals, they also provide a real-time feed of your ATM machine and its activity.
Place your ATM in an open, well-lit area. Position the machine to have as many eyes on it as possible, whether it be in a busy aisle or in view of cashiers and other employees.
Finally, limit physical access to the case to prevent logical attacks and tampering. If the machine is against the wall or blocked by shelves or other furniture, it will be difficult for scammers to access points of ingress.
2. Bolt Down the Machine
Bolting down the ATM machine prevents strangers from moving and manipulating it. You will want to get permission from the location owner first as you will have to bolt the machine to the location’s floor, but damage is minimal and residual blemishes can be covered up easily. It will be worth it in the end to prevent any physical attacks.
Your machine should come with 4 pre-drilled holes, one in each corner of the base. Then, with a hammer drill and ½” concrete bits, you will drill about 4” deep. You can also finish with red heads, special concrete anchors (½” x 4.25”) that are hammered through the hole in the base plate and then into the concrete. You can also instruct the ATM installer to bolt the machine down for you.
3. Restrict Access to the ATM Case
Logical attacks require access to the mainboard or other internal electronics, so you will want to secure the top of the case and the seam on the side. If there are gaps, criminals can access cabling between the mainboard and dispenser and gain control of the machine or cause it to malfunction.
You can either fill the seams or place an internal barrier between the case and the critical electrical components. This creates a second barrier which can deter a criminal even if he or she succeeds in breaching the seam.
Finally, limit the number of people who have access to the ATM. Provide keys to only a few trusted individuals as needed and change them periodically if possible.
4. Regularly Update Software
Logical attacks require access to software. The older the software, the easier it is to breach because it will lack modern safeguards. This is why it’s important to keep software updated. Criminals will target machines with software security holes, so establish a schedule to ensure you don’t forget or neglect to update your software with the latest security upgrades.
5. ATM Insurance
If all else fails, hopefully you will have an insurance policy. ATM insurance won’t prevent an attack, but it can protect you after the fact. In the worst case scenario, you will want to be able to recoup any losses. Fortunately, ATM insurance is relatively inexpensive.
If you own your own store or business where your machine is located, see if you can add the ATM machine to your existing business insurance policy. If not, or if your machine is located in a standalone location, shop around for an ATM insurance policy.
Like any other insurance policy, ATM insurance can be customized to meet your specific wants, needs, and budget. You will want a policy that covers your machine and cash. The premium rate is based on the amount of coverage, the company providing it, and your budget—your policy can be customized to cover any potential risks you want to mitigate.
Consider coverage for any of these scenarios:
- Stolen cash
- Removal of the machine
- Repairs or replacement due to physical damage
- Robbery while cash is loaded or unloaded
General liability coverage can range from about $400-$700 a year. For many people, it’s well worth it for peace of mind.
Protect Yourself and Your Customers with These Security Tips
Preventing attacks—whether physical or logical—protects your ATM machine, yourself, your customers, and the banks that have to deal with fraudulent transactions and replacement cards. Use these 5 ATM security tips to safeguard your machine, but also be on the lookout for any signs of tampering.
Purchasing a camera is the best way to prevent any kind of attack. Not only will it deter criminals, but with your own camera you can also always keep an eye on your machine and make sure no one tampers with or lingers around it.
The better prepared you are, the less likely you are to experience an attack. And remember to always check for signs of tampering.