How has 2020 changed the ATM security landscape?

The need to secure ATMs is nothing new for banks—since their introduction over 50 years ago the appeal to steal money from electronic cash dispensers has been a prime motive for thieves. Only the ways in which they’ve broken into ATMs have evolved, and, in some cases devolved. This year, the pandemic and mass protests had an impact on the security of ATMs in both good and bad ways and that’s partially down to their location.

Findings from an ATMIA and NCR Security Survey of the last six months show footfall to bank-operated ATMs increased while those owned by independent ATM networks saw significant decreases. This is mainly because ATMs located in retail and other areas were inaccessible because of store, restaurant and other business closures during the early stages of the pandemic.

LINK, the UK’s largest ATM network, reported a 60 percent drop in withdrawals in April, during the height of pandemic lockdowns. Recovery has been steady since then, but transaction levels are still below those of 2019. 

   Source

Reporting second quarter results, Cardtronics said they continue to see recovery in transaction levels across their geographies. Also, their cash in circulation continues to surge to record levels with cash dispensed from its U.S. ATMs increasing by double-digit percentages year over year.

This shows the ATM is still an essential way to provide access to cash and wider banking services. 

Attacks on ATMs: Pandemic twists and turns    

H.G. Wells said “Human history becomes more and more a race between education and catastrophe”—and the year 2020 may be here to prove his point. Adjusting to a global pandemic affected every industry world including financial institutions and their ATM security.

According to 60% of the survey respondents, 2020 has seen an increase in ATM attacks, which is somewhat surprising at first glance. Year-over-year data shows that ATM theft always rises; it doesn’t stay the same or go down. So, the survey suggests that stay-at-home orders and building closures may have curtailed crime and led to a net reduction in ATM attacks.

What’s more interesting is that the most common type of attack has gone against previous trends. For the first time, card skimming doesn’t top the list, which is even more telling when you look at the demographics of respondents. Just under half are from North America, which is the region that traditionally records the most incidents of card skimming fraud across the globe.

So, what did top the list of ATM attacks this year? Vandalism. Thirty percent of survey respondents cited this as the most common attack in 2020. Again, the current climate can explain this unexpected result, as the U.S. and many other cities across the world saw increasing civil unrest. The dramatic rise of explosive and pull-out attacks may be tied to this phenomenon. Indeed, Philadelphia explosives were used to rob 50 ATMs and there were many other cities that got hit, too.

The survey showed logical attacks didn’t happen as frequently in 2020, which hopefully means the industry is improving security. But these attacks are still happening, with Belgium recently reporting its first jackpotting attack (where criminals install malicious software and/or hardware on an ATM to force the machine to dispense all its cash on demand).

Next-generation security    

As cyber criminals get ever more sophisticated, financial institutions and ATM deployers have to keep at least one step ahead and look to the next generation of security. This includes next-generation solutions like contactless ATMs. Indeed, 64 percent of survey respondents agree they’re increasingly enabling contactless transactions as a new form of protection; contactless ATMs help reduce risk by removing the need for a magnetic strip to authenticate users.

Financial institutions are also increasingly looking to biometrics and facial recognition as a way to reduce fraud risk. They’re also using more advanced remote monitoring tools and doing more video surveillance to identify fraudulent activity in real time and take action.

Enterprise management will also increase as a way for FIs to better manage and control their endpoints. There are important benefits to upgrading the enterprise in this way, including greater flexibility in security update deployments and greater visibility for cash management, with the ultimate impact on ATM availability, uptime and—ultimately—customer experience.

What’s next?    

We drew five main conclusions from this year’s ATMIA/NCR security survey:

• Security will remain a priority for financial institutions and ATM deployers
• They’ll need next-gen security strategies to stay ahead of sophisticated cyber criminals
• FIs can also enable contactless ATMs to remove the need for a magnetic card stripe to reduce card skimming fraud
• Contactless transactions themselves will accelerate
• Updated enterprise management systems will continue to provide greater control, visibility and flexibility

Security remains a top concern—and for good reason.