Katie BaileyA recent report highlighted an uptick in Automation Teller Machine (ATM) “jackpotting,” a type of attack where criminals gain physical access to a machine and manipulate its internal Personal Computer {PC) to force unauthorized cash withdrawals. These incidents often involve opening the top hatch with a common service key and installing malware or connecting an external device that overrides normal operations.
Strengthening both physical and logical security is critical. Hard drive encryption, hardened applications, and managed application allowlisting are especially effective in preventing system compromise. An alarm on the ATM’s top hatch can also provide early warning of attempted access.
Members ATM Alliance offers a comprehensive suite of protections through its managed services program to help credit unions defend against this type of attack.
A layered ATM security framework includes:
• Perimeter defense: Secure VPN (Virtual Private Network), hatch protection, user access controls
• Network defense: Host-based firewall, segmentation, port blocking
• Host defense: Anti-virus, BIOS (Basic Input/Output System) passwords, application allowlisting, hardened operating system
• Application defense: File integrity monitoring, change control
• Data defense: PCI (Payment Card Industry) compliant PIN (Personal Identification Number) pad encryption, masking sensitive data, full disk encryption
For more information, click here or contact a League Consultant at consult@myleverage.com or 855-9EXPERT (855-939-7378).
