Posts

ATM Security and Fraud Prevention: How to Secure Your ATM

There was a time when ATM machines were targeted by criminals only for the cash inside. However, modern ATMs house something else that’s just as valuable as the cash: consumer data.

An ATM doesn’t store any customer information. But, it does collect it and transmit consumer data. This presents a challenge for ATM owners, because they now must secure their machines against multiple types of attacks.

The good news is that ATM machine manufacturers have developed technology to protect against modern ATM attacks and fraud. And, it’s relatively simple to secure your ATM machines, if you know what to do.

Solid ATM security protects you, your ATM customers, and the banks.

Obviously, protecting your equipment and cash is a big deal. But, a secure ATM machine also protects your customer credit or debit card information. And, it helps shield the bank against fraudulent charges and reputation damage, since many consumers will blame their bank for security breaches, rather than the independent ATM owner.

There are a lot of benefits to properly securing your ATMs. So, here’s what you need to know to keep your ATMs safe.

ATM attacks

ATM attacks are separated into two broad categories: physical attacks and logical attacks.

Physical attacks are a simple attempt to smash the ATM machine and break open the cash vault. The term “simple” is accurate here, since most criminals try something like ramming a truck into the ATM or the wall that the ATM machine sits against inside a building.

Logical attacks are more sophisticated and rely on electronic devices to breach the software or hardware of the machine. Logical attacks extract cash by taking control of the machine or causing it to malfunction.

Even though they extract money differently, most logical attacks still require some physical breach of the case to gain access to the circuitry. So, defending against logical attacks is still mostly a matter of physically securing your machine.

Let’s talk about how you do that.

ATM security: How to protect your ATM machines

The best way to keep your ATM machines safe is to use a layered approach. If one security measure fails, a second security measure should be there to back it up.

Here’s how to layer your ATM security.

Security Cameras for Your ATM Machine

ATM location

The first security measure should be the ATM location. Often, just the placement of your ATM is enough to deter an attacker.

Clearly, you need to avoid isolated or poorly lit areas. But, also consider other aspects of your ATM location.

  • Gas stations, convenience stores, and pawn shops are great for getting lots of transactions. But, these locations also experience higher crime rates than many establishments. 

    If you put an ATM in one of these businesses, work with the owner to get your ATM placed inside, away from large windows, and against a wall with limited exposed surface area on the outside. Also, make sure that your ATM is covered by security cameras.

  • Place your ATM machines so that physical access to the case is limited. 

    Logical attacks require a breach through a seam in the case or the cash dispenser. If your ATM is in a corner or alcove that limits access to the sides of your machine, it’s much more difficult to establish the necessary breach for a logical attack.

  • Place your ATM where users can be easily observed. 

    It takes much longer to breach an ATM machine than it does to make a standard transaction. So, it’s best if the business staff can see people using the ATM. That way they can intervene if someone seems to be tinkering with your machine.

  • Scout the area before you install your ATM.

    It’s not that you can’t place an ATM in areas with a higher crime risk. But, you need to know what the area is like, so you can take appropriate security measures. Take some time to check out the surrounding neighborhoods before you get your ATM up and running.

Choosing a location might be the easiest part of securing your ATM. It’s not difficult. You just need to consider all the security risks.

Bolt your ATM down

Bolt ATM in Floor

This one is super obvious. And, bolting your machine down is easy.

However, business owners may have some concerns about you drilling into their floor. Getting permission to bolt your ATM machine down can be much trickier than the process of installing the bolts.

The key is to help the business owner understand that bolting the ATM machine down benefits them, too. They certainly don’t want people committing crimes in their establishment. That’s bad publicity. The establishment could lose business from customers who need to get cash for their purchase while the ATM is being replaced or is out of service.

Also explain that the bolts do very little damage to their floor. Typically, you’ll secure your machine with four half-inch bolts. And, you can hammer the bolts into the floor and cover them with epoxy once the ATM is removed. If the floor is tile, you can replace the tile that you drilled through to completely cover the marks.

Bolting down your ATM is all upside for both you and the business owner. You just need to help the business owner understand that.

ATM Enclosure via TPI TexasHarden your ATM case

Logical attacks require access to the mainboard or other internal electronics. Most criminals will breach the top of the case to access the mainboard, or a seam on the side of the case to access cabling between the mainboard and the dispenser.

So, fill the seams if they’re not reinforced already. Or, place an internal barrier between the case and the critical electrical components. That way, even if they’re able to open a small crack in the case, a secondary barrier will help prevent the criminal from accessing anything vital.

Finally, if you use an ATM vaulting service or have an employee who restocks your machines, limit the number of people who have keys, and change the keys periodically, if you can. 

Digital security

Many logical attacks rely on outdated software. There are plenty of technologies that didn’t exist when some older ATM machines were manufactured. Older software often has no safeguards against modern logical attacks. So, criminals will target machines with software security holes.

The simplest way to digitally secure your ATM machines is to keep the software updated. The upcoming Windows 10 update will force an update of many older ATM machines. But, establish a schedule to keep your software current.

ATM insurance

ATM insurance must be your last resort. Even though it will help you recoup any losses from an ATM theft, losing your ATM machine or the cash inside is not ideal.

However, carrying insurance to protect your investment is smart. It’s difficult to make your ATMs impervious to attacks. Your ATM insurance protects you in the unlikely event that all your other security layers fail.

But, if you take the proper steps to secure your ATM machines, you’ll greatly reduce your risk of an ATM attack or ATM fraud. And, your ATMs will safely rake in money without any issues.

ATM Security Update: How To Enable TLS 1.2 Protocol

The Announcement

The PCI Security Standards Council has mandated that the use of SSL and Early TLS (i.e. TLS 1.0 or 1.1) protocols be discontinued effective June 30, 2019. All network providers and processors are making preparations to ensure they are compliant by the June 30, 2019 deadline. To prevent any downtime, make sure your ATM terminals have been updated with the latest software and security certificates.

After this date, ALL ATMs using SSL or Early TLS (i.e. TLS 1.0 or 1.1) communications protocol will stop communicating to the Host and fail to process any transactions.

What Does This Mean?

    • Network providers are already handling the TLS 1.2 communications protocol. Therefore, as soon as possible, set the communication protocol on your ATMs to use TLS 1.2 communication protocol.

  • Anytime you visit a direct connect TCP/IP communicating ATM verify that it is set to TLS 1.2.

In order to continue processing transactions …

  • TLS 1.2 Protocol MUST be enabled on your ATM Machine

Do I Need to Enable TLS 1.2?

You NEED to Enable TLS 1.2 if …

  • Your ATM is communicating via Hardwired Internet connection (TCP/IP)

You DO NOT need to Enable TLS 1.2 if …

  • Your ATM uses a phone line or wireless modem. Your machine will not be impacted if it is communicating via a phone line or cellular wireless device box already on TLS 1.2.
    • How do I know if my wireless box is TLS 1.2?
      • The chances of you having a wireless box that is not already on TLS 1.2 are low. If you are having trouble with your wireless device please call ATMDepot.com at 888.959.2269, or your Wireless Provider, with your device’s serial number. Remember, It is best to make the request while at the location where the device is in service. Our wireless department can update your device remotely.

How to Enable TLS 1.2 Protocol

Hyosung

Customer Setup > Select Processor > TCP/IP Type

  1. SLS/TLS = Enable
  2. SLS/TLS Version = Up to TLS v1.2

Genmega/Hantle/Tranax

Customer Setup > Change Processor > SSL Pass Through > SSL > SSL Version = TLS 1.2


If you do not see these options, please check that you have the required software version that supports TLS 1.2 protocol for each manufacturer.

Recommendations

  • Keep Your Software Up-to-Date

    Keep your ATMs updated with the latest software to be compliant. Listed below are the latest software versions:

    Hyosung

    – WinCE 5.0:  V01.01.34
    – WinCE 6.0:  V06.01.34

    Genmega/Hantle/Tranax

    – V05.00.34

  • Confirm EMV Enabled

    While you are updating the software on your terminal, it is important to also check that EMV is Enabled.

    The MasterCard EMV Liability Shift occurred on Friday, October 21, 2016. ATM owners are liable for fraudulent MasterCard transactions if machines are not EMV compliant.

    Hyosung

    Operator Functions > Customer Setup > Optional Function 1 > EMV > Enable

    Genmega/Hantle/Tranax

    Operator Functions > Customer Setup > Option Function > EMV – Enable

How to Enable TLS 1.2 – Infographic