European banks warned: brace for rise in cash machine fraud

Unless there's better security in cash-machine infrastructure, banks and consumers will be dogged by e-criminals

Banks are likely to see cash-machine fraud rise unless steps are taken to improve their cash-machine infrastructure, the European Network and Information Security Agency (ENISA) has warned.

ENISA said banks are currently at a "delicate transition stage" whereby overlooking the risks to automated teller machines (ATMs) means losing ground in a critical fight that is important to every nation's economic system.

Generally speaking, once ATMs installed, they are poorly managed and rarely updated, according to the report "ATM Crime", released Monday.

European banks in 22 countries lost a collective €485 million [m] due to ATM fraud in 2008, according to figures released earlier this year from the European ATM Security Team (EAST), a nonprofit group composed of financial institutions and law enforcement.

A total of 12,278 attacks were reported on ATMs, which represented a 149 percent increased over 2007, EAST said.

The most common attack was "skimming," or attaching equipment to an ATM that records a card's magnetic stripe and then using surreptitious means to capture a person's PIN (Personal Identification Number).

Then, a blank ATM card can be programmed with those details and used for fraudulent transactions.

Close to €400 million [m] ($US695) of the fraud occurred outside the country was the card was issued.

That's because around 90 percent of European banks now use chip-and-PIN cards, also known as EMV cards, where the ATM, as well as most point-of-sale devices, check to see if the card has a special microchip.

But many machines in countries in countries that don't use chip-and-PIN won't check for the chip and rely solely on the magnetic stripe and PIN to authorize the transaction.

While banks have taken measures to make their ATMs more resistant to skimming and educate consumers on how to notice tampered machines, there are variety of other weaknesses in ATM systems, ENISA said.

"ATMs often now use publicly available operating systems and off-the-shelf hardware, and as a result are susceptible to being infected with viruses and other malicious software," ENISA said.

Many machines run on Microsoft's Windows operating system. Patches have to be tested and licensed by the manufacturer of the ATM, making an additional obstacle in keeping the machines up to date.

It increases the chance that ATMs -- which often have unencrypted links with banks' back-end systems -- are more vulnerable to worms and malware.

For example, some Diebold ATMs became infected with the Slammer worm in 2003, ENISA said.

Earlier in the year, some sophisticated malware was discovered on ATMs in Eastern Europe.

It recorded the magnetic stripe information on the back of a card as well as the PIN (Personal Identification Number).

The collected card data, which was then encrypted, could be printed out by the ATM's receipt printer.

That printout could be obtained through a hidden software control panel displayed after the thief inserted a special card into the machine.

It hasn't been revealed how the malware was installed on the ATMs in Eastern Europe. But ENISA warned that ATMs positioned in unprotected areas with accessible power connections and network links makes it easier for an attacker.

"Security issues related to the ATMs are too often not recognized," the report said. Very few banks, if any, have conducted a formal and complete security risk assessment of their ATM infrastructures, according to the report.

"The use of the concept of 'security through obscurity' that has long gone along with dedicated devices is conceptually wrong, and is proving to be so as the global trend of bank fraud rises."

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags europeATMsecuritybanksfraud

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?