ATM cash trapping is a prominent method used by cyber-criminals to attack an ATM. The attackers physically insert a device inside the ATM, which traps cash that is allotted by the cash dispenser to the customers. The device installed inside the ATM cash slot to trap money is known as glue-trap. This device acts as a false shutter and traps the cash allocated to customers. A fake ATM cash dispenser is placed in the front of the real cash dispenser to trap money.
There are two types of cash traps used in ATM cash trapping. Namely type1 and type2 cash traps. The type1 cash traps are visible to the customers, but customers will not be able to differentiate between the traps and the ATM original dispenser. The type2 cash traps are not visible to the users since placed inside the ATM.
The ATM owners and banks should take measures to reduce the ATM cash trapping. The cyber-criminals usually target ATMs with fewer security measures and monitoring, especially ATMs in retail outlets and stand-alone ATMs.
The ATM cash trapping attackers usually use stolen or duplicate cards to make transactions. The cyber-criminal fake themselves as the general public to initiate the withdrawal using the stolen or duplicate ATM cards. The introduction of PINs and chips has made the cyber-criminals to shift from high-tech card skimming to low- tech cash trapping techniques since it is cheap and accessible. The ATM cash trapping attacks do not involve stealing the customer’s information, but the cash itself. The cash trapping attacks are difficult to track, as the criminals remove the trapping device from ATM when they retrieve the money.
The cyber-criminals use the advanced ATM cash trapping method called reversal cash trapping. In reversal cash trapping, the cyber-criminals can steal a bounteous amount of money from the ATMs. The attackers use their card instead of depending on stolen or fake ATM cards. The cyber-criminals initiate the minimal amount for withdrawal using their ATM cards but end up having a large sum of money.
Steps followed by the cyber-criminals to execute ATM cash trapping:
• In the first step, the cyber-criminals install the cash trap or false presenter inside the ATM cash dispenser slot.
• Once a customer enters the ATM and initiates a transaction procedure, the cash gets trapped inside the false trap set by cyber-criminals rather than dispensing money to the user. The criminals can also fake as the general public to execute transactions using duplicate or stolen cards.
• The amount from the customer’s bank account is withdrawn, but the customer does not receive the cash from the cash dispenser, this makes the users assume that ATM has encountered a malfunction, and they walk out of the ATM.
• Cyber-criminals then return to the ATM and remove the false presenter or money traps from ATM, and collect the cash accumulated in the false trap.
Cautions to the users to tackle ATM cash trapping:
• If cash is not dispensed, scan the ATM carefully for additional devices installed at the cash dispenser. In case of any tampering found, inform the bank officials immediately.
• If ATMs are out of order during a transaction, then report the issue to the bank. And check with the bank regarding the withdrawal made before the malfunction of the machine.
• If ATM fails to dispense cash, and the money gets debited from the user account, contact the related bank.
• Never share your PINs and be aware of shoulder surfing.
• Always save the customer care number of the bank on the phone, so that it would be easy to contact.
• Measures to be taken by banks or issuers to tackle ATM cash trapping
• ATM surveillance is usually the best way to tackle ATM cash-trapping. Cameras installed inside the ATM monitor the ATM regularly to check for any of the abnormal behaviors.
• Alert Notification should be sent to the bank officials if someone tries to tamper the ATM devices.
• The software and hardware of ATM should be periodically examined and updated regularly to detect and protect from the unrecognized devices or malware installed.
• The criminals generally prefer stand-alone ATM. Therefore, banks should ensure the safety and security of their ATMs with security guards.
• The bank officials should be educated on the threats of ATM cash trapping and train them to deal with ATM cash trapping attacks.
Experts say “an increasing form of ATM fraud involves the use of simple devices capable of snatching cash and ATM cards from unsuspected users”.To protect your ATM network from fraud, the banking security experts at Netsentries have developed a series of hands-on vulnerability assessments that look at the entire ATM environment. We can identify software, hardware, and communication protocol vulnerabilities that can be exploited and provide remediation measures to effectively resolve them.
Please visit our website to know more about our ATM Security Assessment Services.