2019 ATM Security: Taking a Holistic Approach to Protecting the Automated Teller Machine

Despite criminal innovations, the simplest way to illegally withdraw cash from a bank is to exploit the weaknesses inherent in the business and operation of automated teller machines (ATMs). Whether criminals are organized internationally or domestically, the accessibility of mass-produced plastic cards, the limited number of ATM vendors, and a patchwork of fixes that safeguard devices in a piecemeal fashion have created the opportunity for prolific crimes. 

Crimes at cash machines should be expected given the trillions of dollars dispensed from ATMs each year. A single cassette can carry as much as one million dollars in cash — amounts unseen in brick-and-mortar, retail branches. 

This report will break down into two categories the risks that ATMs face: logical attacks that focus on the weaknesses embedded within the device’s software and operating systems, and physical ones that involve crooks breaking locks to cash dispensers. 

Key questions discussed in this report:

• How great a role will ATM investments play in the business plans of financial institutions (FIs)? 
• What is the state of the ATM threat landscape? 
• What solutions best combat those threats? 
• What obstacles exist to implementing those solutions? 

Companies Mentioned: Apple, Bank of America, Co-Op Financial Services, FIS, Google, JPMorgan Chase, Wells Fargo