Diebold, NCR deploy software to combat ATM deposit fraud

Diebold Nixdorf and NCR have announced that they are deploying software updates for Automated Teller Machines (ATMs) impacted by deposit forgery.

 

The forgery occurred when fraudsters with physical access to an ATM machine tampered with internal software, modifying the amount of funds deposited and then withdrawing the non-existent cash before banks could detect errors in the account balance, according to a ZDNet report.

 

ATMs do not encrypt, authenticate, or verify the integrity of messages sent between an ATM cash deposit box and the host computer, which caused the ATMs to be vulnerable to fraud.

 

The software bugs were discovered in 2018 by researchers at a Moscow-based security firm sanctioned by the U.S. Treasury Department, which allegedly was working with Russia’s Federal Security Service to strengthen its cyber capabilities, according to the report.

 

The researchers discovered the bugs in Diebold Nixdorf ’s ProCash 2100xe USB ATMs running Wincor Probase software and NCR’s SelfServ ATM running APTRA XFS software. Both bugs were identical and identified in the ATMs by the CERT Coordination Center at Carnegie Mellon University.

 

Before researchers could disclose information about the forgery to the public, the CMU Cert center had to first obtain a special permit from the Office of Foreign Assets Control at the U.S. Treasury department. Once sanctions were lifted and the permit obtained, both ATM manufacturers provided updates for the models affected.

