As if financial institutions didn’t have enough fraud problems to worry about, there appears to be another growing trend in the hacker ecosystem that’s caught the attention of the FBI: ATM cash outs.
Like most fraud trends, ATM cash outs aren’t a new phenomenon, but they have been getting national attention this month after it was reported that cybercriminals are likely in the works to commit a global fraud scheme that’s commonly referred to as an ATM cash-out. These financial attacks allow for fraudsters to withdraw millions of dollars in hours, according to a report by Krebs on Security.
This scheme involves malware that allows the hackers to gain access to banks’ customer card data, along with network access, in order to execute the theft of funds from ATMs on a massive scale. These “cybercrime gangs” as they referred to are believed to use phishing tactics to break into a bank or payment card processor system. This involves removing fraud controls from banks that would stop limits on the number of customer ATM transactions/limits allowed daily.
After the fraudsters compromise a a bank or payment card processor with malware, disable to fraud controls, this allows for the large withdraw of money using cloned banks cards. This allows for millions to be stolen before most financial institutions would be aware of the problem.
“The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” reads a confidential alert the FBI shared with banks privately on Friday, according to Krebs’ report.
“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” the alert reads. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”
The rise in ATM fraud has forced banks and credit unions to implement better fraud controls and continually upgrade their security features in order to think smarter about their fraud management strategies. What banks must consider is relying on fraud alerts that detect breaches in a matter of minutes and hours — instead of days and weeks.
Although it hasn't been reported if banks in the U.S. have been impacted by this latest ATM cash-out scheme, the fact that the problem is being shared with banks on a national level shows how real the potential threat could be.