Transaction Reversal Fraud at ATMs - Update
Guidance and recommendations
NCR is monitoring a series of Transaction Reversal Fraud (TRF) attacks at ATMs in the United States, United Kingdom and Europe. In these attacks, the criminal uses a tool to break the shutter off the ATM, which exposes the S2 dispenser cash transport shuttle and gives access to pull notes from it.
NCR recently issued a security alert to warn ATM deployers of an escalation of TRF attacks against NCR ATMs in the United States. These attacks have since spread across several cities in the U.S., and we are aware of attacks in the U.K. Industry reports have also identified similar attacks on other vendors' ATMs in Europe.
In response, NCR advised that software setting changes be made in the base XFS platform layer or in the ATM application flow to mitigate losses due to these attacks. NCR also released packages that could be used in the North American Activate Enterprise (AE), Edge and USN application environments to apply the recommended platform setting change.
At this time, we are issuing an update to announce that software changes are being developed that can detect this class of TRF. NCR recommends that ATM deployers treat these software updates as critical and apply them to ATMs at the earliest opportunity. Any ATM that does not have this software update is at risk of cash losses due to TRF.
Software update details:
NCR is making updates to the base XFS platform software and the NCR application software. We are implementing software changes that will enable the S2 dispenser to detect this specific class of TRF. The mitigation advice previously given to customers will only address the most common field attack method. These critical software upgrades are required to provide protection from possible variations in the attack technique. Base XFS platform and application software upgrades must both be applied. While this software update will detect probable fraud scenarios, it is possible that genuine equipment malfunction could also be detected as fraud.
Customers who have subscribed to NCR’s Software Distribution* Managed Service offer will be contacted by our software operations teams to coordinate the distribution of the TRF update.
(*including customers who purchased the Service and Software Management bundle or the Integrated Managed Services bundles that include Software Distribution)
For NCR ATM as a Service customers, these software updates will be applied as soon as possible.
For details on how to obtain this new platform and application software, please contact your NCR representative.
Sign up for NCR Atleos Security Updates
As part of our commitment to ATM security, we regularly provide alerts and updates to the market on global ATM security issues and situations.
We issue alerts when:
- We receive reports of new ATM attacks
- We receive reports of modifications to ATM attack methods
- Industry compliance issues require actions by ATM deployers