ATM Attacks Buck the Trend

Credit EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

July 27, 2010 - Tracy Kitten, Managing Editor

In San Diego County, Calif., physical attacks on ATMs are startlingly high. Already in just the first half of 2010, there have been 24 reports of ATMs being torched, smashed and stolen. In all of 2009, there were only 17 such incidents recorded by the San Diego County Sheriff's Department.

But San Diego may be the exception, not the rule. While physical attacks on ATMs are common when the economy is struggling, industry experts say such incidents actually are declining throughout the world.

Ram raids, also known as smash-and-grabs, have largely been replaced by torch attacks (the use of a blow-torch to free or cut open an ATM), says Susan Graves, who manages retail contracts for Cash Connect, one of the top two ATM vault cash providers in the U.S. She adds, however, that even torch attacks have been insignificant. While Graves could not provide statistics, she says ATM thefts among Cash Connect's customer have fallen from the radar. "In fact, without doing any research, I can almost say that we have had none."

Cash Connect is the ATM division of Wilmington Savings Fund Society, which is part of $3 billion Delaware-based WSFS Financial Corp. Cash Connect provides more than $225 million in vault cash to thousands of ATMs throughout the U.S.

Pockets Of Concern?

Off-premises or retail ATMs are most vulnerable to physical attacks. In most cases, the attacks involve criminals who literally ram a truck or car into an ATM or the façade of the building to knock the ATM from its base. Because retail ATMs weigh less than those at bank branches, they are easy targets.

Reports of physical attacks on ATMs often show up in pockets. A few years ago, Texas, Florida and New York were havens for physical attacks. The high volume of attacks was attributed to high numbers of off-premises ATM locations. In densely populated regions, retail convenience stores are more abundant, making them easier targets for so-called ram raiders.

Jim Weiss, a Walgreens Co. loss prevention manager based in Irving, Texas, says physical attacks on ATMs have significantly fallen in Texas.

"About a year and a half ago, we were hit kind of hard, but not now," Weiss says.

That lack of rhyme or reason makes preparation for attacks challenging. That's why being mindful of even an isolated incident is so important, says Nicole Sturgill, research director for financial-services consultancy TowerGroup. While ATM thefts have fallen from purview, pockets of attacks should be cause for concern.

"I haven't seen any geographic trends, but honestly I'm surprised it took this long to see them back, given the state of unemployment," Sturgill says.

'It Boils Down to Prevention'

Robert Siciliano, a security consultant and founder of IDTheftSecurity.com, says ATM thefts are hard to predict, and prevent. GPS tracking and reinforced ATM areas are the only real ways to deter criminals.

"If GPS technology were ubiquitous, then the crimes would stop," he says. "It boils down to prevention."

Siciliano calls ATM raids "copycat" crimes of opportunity. "Somebody sees it on YouTube and they copy. Desperate times call for desperate measures." He estimates that ATM-related fraud or crime, which includes raids and thefts, costs the U.S. financial-services market about $350,000 per day. Other types of ATM-related crimes that attribute to those losses include:

• Card skimming;
• Dummy or fake ATMs that capture cardholder data but dispense no cash;
• Automated PIN changes, which involve social engineering to convince a call center representative to change a PIN so the fraudster can access funds with skimmed card data;
• Injection of malware or malicious software that infects an ATM and allows fraudsters to capture and record card details and PINs when information is entered by the cardholder.

A layered security approach is the best solution. Signage to inform potential thieves that an ATM is alarmed or equipped with GPS technology could make a difference, Siciliano says. "Retailers and banks need to invest in layers of protection; that's fundamental for all security."