CUNA has teamed with other financial services organizations to create a white paper, “Understanding ATM Attacks,” explaining how cybercriminals conduct such attacks and how financial institutions can protect consumers. The paper was released by the Financial Services Information Sharing and Analysis Center (FS-ISAC), and is a joint effort between CUNA, FS-ISAC, the American Bankers Association and the Independent Community Bankers Association.

“Cybercriminals target ATMs through both physical and computer-based means to steal funds for a cybercrime gang or a nation-state,” the three-page paper reads. “These attacks often occur around holidays in an attempt to circumvent or delay detection. This may involve the creation of fraudulent payment cards at one or more financial institutions.”

  • Skimming attacks using devices that may sit on top of the ATM PIN pad and/or card slot or inserted deeply into the card slot. Usually, the information captured from the skimmer and camera is used to create cloned cards;
  • Shimming attacks are similar to skimming attacks, except that criminals use special mechanisms inserted deeply within the ATM to capture the chip information on newer chip-enabled cards. This information is used to create cloned cards;
  • Cash-out schemes in which criminals use ATMs either locally or globally to drain funds from multiple accounts held at one financial institution. These attacks use legitimate card numbers that were stolen and involves the manipulation of the account balances and withdrawal limits; and
  • Jackpotting attacks, in which criminals use physical and/or logical methods to force one ATM to dispense all the cash, just like a slot machine.

The paper also examines

  • Common misunderstandings about ATM attacks;
  • Information on how institutions protect consumer accounts; and
  • Steps consumers can take to protect accounts.

FS-ISAC is an industry forum for collaboration on critical security threats facing the global financial services sector. CUNA is a member.