The rapid increase in number and prevalence of mobile payment platforms have many industry experts calling for the “end of cash.” But the truth is - consumers are far from giving up on paper. A recent collection of data from RBR (Retail Banking Research) found that total global ATM withdrawals grew by 7% in 2014, with a total of 92 billion withdrawals made. A separate report by RBR projected the global installed ATM base to reach four million by 2020, up from just over two million in 2009 - and ATM related fraud is increasing at almost the same clip.
Increase in ATM Fraud
As has been covered in previous articles regarding the switch to EMV, the deadline for automated fuel dispensers (gas stations) and ATMs to become compliant are still a year (or more) away. For ATMs, the liability shift for MasterCard will take place in October 2016, and Visa in October 2017. In the meantime, ATM skimming is reaching record levels, with no signs of slowing down.
In a Wall Street Journal article, FICO noted that attacks on debit cards used in U.S. ATMs in the first quarter of 2015 reached their highest level in at least 20 years. Specifically, compromises of ATMs on bank property jumped 174% compared to the same period last year, which surprisingly paled in comparison to the 317% increase in compromises of ATMs not on bank property.
Unfortunately, given the extended deadline to make the machines EMV compliant, the recent issuance of new chip cards to consumers has not done much to deter ATM compromises. In fact, NCR, a provider of ATMs, released a security update on November 12th citing an “alarming increase in card skimming attacks at ATMs.” NCR also noted that the methods by which hackers are stealing information is growing increasingly more sophisticated. The security update listed eight different known categories of skimming, which now include categories that have been developed specifically to get around anti-skimming technology.
What’s Happening in Europe
An announcement released by the European ATM Security Team (EAST) in October reported a 15% increase in ATM fraud incidents during the first six months of 2015 as compared to the same time period a year ago. Card trapping attacks, where the physical card is captured inside the ATM, the PIN compromised, and then the card later retrieved by criminals and used for subsequent fraud withdrawals increased 18% year over year.
The most concerning however, was the 985% increase in Transactional Reversal Fraud (TRF), which is when an error condition is created at the ATM that makes it appear as if cash will not be dispensed. In this scenario, the account is credited for the error, but the criminal does in fact end up retrieving the cash by inserting a device (claw) and manipulating the dispensing mechanism in the ATM.
While skimming attacks in Europe decreased by 18%, they’re still prevalent, with 1,986 incidents reported in the first six months of 2015 alone.
How to Catch ATM Attacks Faster
In a press release by EAST, Executive Director Lachlan Gunnin stated, "Keeping an active magnetic stripe on a European [Chip and PIN] card continues to make that card vulnerable to card skimming.”
Because of this, ATMs should be treated with the same type of common point of purchase analysis that financial institutions would use for compromised merchants. Tools like Rippleshot are picking up on compromised locations weeks or even months faster than banks or credit unions would be able to do so on their own. While sending inspectors out to physically review machines for skimming devices is important, being able to digitally monitor all ATM locations for fraudulent activity as it’s happening keeps losses at a minimum. Learn more about how Rippleshot Sonar can help you detect ATM fraud faster than ever by scheduling a demo below:
