ATM cash-out attacks are exceptionally well designed and carefully executed global cyber-attacks. The hackers breach the cyber-security systems of a payment card processor or a bank and then withdraw large amounts of money from ATMs using cloned debit cards. ATM cash-out attacks involve updating the malware on the host network.
Before executing an ATM cash-out attack, the cyber-criminals remove the fraud control measures in place using different techniques. Fraud control measures used by banks include a limit on the number of customer transactions per day and a maximum ATM withdrawal amount. Most ATM cash-out attacks occur during weekends, after the financial institutions have closed. Mitigation of and protection from ATM cash-out attacks depend on how quickly the attack can be detected and shut down.
The criminals have the skills to alter security measures and change the account balance to unlimited at the time of the transactions. They regularly create fake copies of regular debit cards with a magnetic stripe and use them for ATM cash-out attacks.
• The cyber-criminals gain remote access to the issuer’s card management system in the first step.
• Once the cyber-criminal gains remote access to the card management system, the money mule networks help them to open new accounts with prepaid, distributed debit, or chip cards, with duplicate magnetic stripes, and negotiated PINs.
• The money mule networks present around the globe are then used to make transactions at various ATMs.
• With access to the card management system, the cyber-criminals then reset the transaction and balance counters, which gives them control over the amount and transaction limits and lets them authorize the withdrawals.
• The withdrawal of cash from ATMs is carried out by the money mules. In this way, the attackers steal a large amount of cash from banks within a couple of hours, using ATM cash-out methods.
Measures taken by banks to safeguard the ATM ecosystem against ATM cash-out
The majority of banking networks have enforced transaction monitoring capabilities, which help them to expose or identify irregular transaction traffic for accounts and financial institutions. If a network recognizes any abnormality or irregularity, it reaches out to the processor or issuer to check the transactions in detail. Some networks block the unusual activity right away to prevent further transactions until the situation is acknowledged, or when they are not able to contact the issuer or processor.
The methods followed by processors and issuers to defend against cash-out attacks are:
Following standard cyber-security protocols for system access control and password strength prevents the abuse of system access credentials. Point-to-point data encryption and tokenization help to seamlessly encrypt all sensitive data present in the backend as well as the data on the debit cards. The encrypted data is then stored safely at the backend.
It is essential to equip the network and processors with additional monitoring capabilities that might help to mitigate ATM cash-out attacks. Processors and issuers can use digital signing techniques to add a layer of security. Digital signing prevents unauthorized access because it validates transactions with a key-pair approach. The key pair consists of a private key and a public key. The private key signs the transaction information, and the public key plays a crucial role in authenticating the transactions.
The bank decides on adding an additional layer of verification or authentication for unknown changes occurring in card management data fields, such as transaction counters and account balances. Point of sale terminals can use OTPs with a predefined expiry date as an additional authentication factor.
Protecting digital signature and encryption keys from attacks requires robust safety mechanisms. If the encryption keys are compromised, the bank's entire cyber-security system is undermined. Hardware Security Modules (HSMs) protect the private keys used for encrypting the information. HSMs store the encryption keys inside a tamper-resistant, hardened hardware device.
The banking institutions need to review card data and transaction logs regularly to check for the ATM cash-out attacks.
Preparing an incident response plan and installing an incident management system is required to protect from ATM cash-out fraud.
Identify any unusual volume and activity during non-peak hours to keep a check on the risks posed by ATM cash-out attacks.
Some of the common security measures adopted are: implementing dual authentication procedures for withdrawals above a specific threshold, creating an application that would block the execution of malware, checking encrypted traffic such as SSL or TLS moving over a non-standard port, and checking the remote network and administrative tools used to point back into the networks.
The steps below may be useful in the detection of ATM cash-out attacks:
• Isolating the terminals used to coordinate ATM cash-out attacks.
• Reviewing the terminals with an unusual and irregular number of fallback transactions.
• Checking the terminals with fake processing due to the card compromise and switch malware.
• Checking the banking software and hardware regularly for malware infection.
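The monitoring described above (bursts of withdrawals on one card, terminals with an irregular share of fallback transactions, and volume in non-peak hours) can be expressed as simple rules over a transaction log. The following is an added example, not code from the original article; the log format, field names and thresholds are assumptions, and the sample records are constructed.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, card, terminal, country, amount, entry_mode.
# "fallback" means a chip card was read from its magnetic stripe instead.
SAMPLE_LOG = """\
2024-03-02T10:15:00,CARD-1,ATM-A,US,200,chip
2024-03-02T23:40:00,CARD-9,ATM-B,JP,500,fallback
2024-03-02T23:52:00,CARD-9,ATM-C,BR,500,fallback
2024-03-03T00:05:00,CARD-9,ATM-B,JP,500,fallback
2024-03-03T00:20:00,CARD-9,ATM-D,DE,500,magstripe
2024-03-03T09:30:00,CARD-2,ATM-A,US,100,chip
2024-03-03T11:00:00,CARD-3,ATM-B,JP,50,chip
"""

def parse(log):
    rows = csv.reader(io.StringIO(log))
    return [(datetime.fromisoformat(ts), card, term, country, float(amt), mode)
            for ts, card, term, country, amt, mode in rows]

def card_bursts(txns, window=timedelta(hours=1), max_count=3, max_countries=1):
    """Cards exceeding the withdrawal count or country spread within one window."""
    by_card = defaultdict(list)
    for t in sorted(txns):
        by_card[t[1]].append(t)
    flagged = {}
    for card, items in by_card.items():
        for i, first in enumerate(items):
            inside = [t for t in items[i:] if t[0] - first[0] <= window]
            countries = {t[3] for t in inside}
            if len(inside) > max_count or len(countries) > max_countries:
                flagged[card] = (len(inside), sorted(countries), sum(t[4] for t in inside))
                break
    return flagged

def fallback_terminals(txns, min_txns=2, max_ratio=0.5):
    """Terminals where the share of fallback transactions is abnormally high."""
    total, fallback = defaultdict(int), defaultdict(int)
    for _, _, term, _, _, mode in txns:
        total[term] += 1
        fallback[term] += mode == "fallback"
    return {t: fallback[t] / total[t] for t in total
            if total[t] >= min_txns and fallback[t] / total[t] > max_ratio}

def off_peak_share(txns, start=22, end=6):
    """Fraction of withdrawn value taken between the `start` and `end` hours."""
    night = sum(t[4] for t in txns if t[0].hour >= start or t[0].hour < end)
    return night / sum(t[4] for t in txns)
```

In production the thresholds would come from each card's and terminal's own baseline rather than fixed constants, and a hit would feed the incident response process instead of a dictionary.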
There are literally no borders for ATM transactions, and so for ATM cash-out schemes. The banking security experts at Netsentries have developed a series of hands-on vulnerability assessments that look at the entire ATM environment. We can identify software, hardware, and communication protocol vulnerabilities that can be exploited and provide remediation measures to effectively resolve them.