Cash in Hand

Cash in Hand

Three ways to protect off-premises ATMs

If your bank, credit union or non-bank organization operates ATMs in remote locations, such as convenience stores or shopping malls, a bank heist that occurred in Japan last year probably caught your attention.

According to news reports, fraudsters used 1,600 fake cards to withdraw money from multiple ATMs belonging to the same South African bank. In just a few hours, the coordinated attack—focused on ATMs in convenience stores—drained the bank of more than $13 million.

While the magnitude of this fraud is rare, it should give ATM operators pause to consider the level of security they have in place around their off-premises ATMs.

Off-premises ATMs can be easy targets for thieves because they often don’t have the same level of security or surveillance that financial institutions have in their own branches.

Also, as ATM operators continue the transition to EMV or “chip” technology for bank cards, experts warn that self-serve ATMs and gas pumps are becoming more of a target for thieves. That’s because criminals are rushing to make a buck while magnetic strip cards, seen as less secure, are still being accepted by these channels.

According to credit scoring agency FICO, from 2015 to 2016, the number of payment cards compromised at U.S. ATMs or point-of-sale systems rose by 70 percent. Further, a full 60 percent of those compromises occurred at non-bank ATMs, following a similar pattern noted the previous year. In a recent report about ATM skimming, the agency said criminal activity was highest in places like convenience stores.

So what can banks, credit unions and non-bank operators do to better protect their ATMs and their customers? Taking a multi-layered approach to security is best.

Regularly Inspect Your ATMs

Operators should regularly inspect all of their off-premises ATMs. Are they functioning properly? Do they appear to have been tampered with? Are they located in well lit, high traffic areas?

It sounds simple, but taking the time to ensure that all of your remote ATMs are inspected in person can help prevent issues and detect suspicious activity sooner.

Deploy High-Quality Video Surveillance

Ensure you have adequate video surveillance in place. This means surveillance cameras capturing the ATM machine and its surroundings, but also ATM cameras inside the machines that capture clear views of patrons’ faces.

One recommendation is to use an ATM camera with High Dynamic Range (HDR), a feature that merges multiple exposures into one image with the best balance of lighting possible. This capability can be invaluable in ATM settings where patrons’ faces are often backlit with bright sunlight.

Proper video surveillance not only helps address crimes like skimming and card trapping, but it can also help deter other types of fraud, such as the depositing of empty envelopes or counterfeit checks.

Use Integrated Video, Transaction Data and Analytics

Regularly monitoring transaction data for suspicious activity is essential to thwarting ATM fraud like skimming or “cashouts,” where thieves drain the ATM of large amounts of cash through nefarious means.

By deploying a video surveillance solution that’s integrated with ATM transaction data and intelligent analytics, you can very quickly detect potentially fraudulent transactions, or even just suspicious activity, like loitering around machines.

Integrated video solutions allow you to very rapidly sort through all of your transactions and find irregular activity, such as the same person making multiple transactions with different cards or someone standing in front of an ATM for a period of time without making a transaction (a possible sign of someone installing a skimming device).

By configuring alerts, the system can automatically notify you when it detects this type of activity.

This article originally appeared in the September 2017 issue of Security Today.

About the Author

Daniel Caggiula is the banking solutions manager at March Networks.

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.