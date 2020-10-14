Business

ATMIA, PCI warn of new ATM fraud

The ATM Industry Association (ATMIA) and the PCI Security Standards Council are warning financial institutions and payment processors of an emerging attack known as “cash-out” that breaches and manipulates an Automated Teller Machine’s (ATM) fraud detection controls and ultimately the machine of all cash, according to a press release. The ATM cash-out attack works by gaining remote access to a card management system by inserting malware or via phishing.

These attacks then exploit any vulnerabilities of the system, giving fraudsters access to pin numbers of compromised cardholder accounts and the ability to create new accounts. Credit and debit cards of these new and compromised accounts are given out to a criminal team who then make withdrawals at ATMs in a coordinated manner until the machines are emptied of cash. According to the statement, these attacks have happened globally and occur quickly, making early detection before damage occurs critical.

ATMIA, PCI , however, recommended that early detection of the fraud can be made in several ways, including: Installation of a 24/7 file integrity monitoring system and a reporting system that sends an immediate alert when suspicious activity is identified; development and practice of an incident response management system; monitoring for unexpected traffic sources and unauthorized execution of network tools; continuous phishing training for employees; multi-factor authentication and strong password management and employee monitoring systems to guard against an “inside job.”

In addition, they recommended that financial institutions and payment processors should also choose software vendors with built-in security for software products which provide ongoing security and support throughout the software’s lifecycle.

