The Expert's View with John Buzzard

ATM / POS Fraud , Fraud Management & Cybercrime

ATM Attacks: Why We Must Remain Vigilant

Fraudsters Are Increasingly Turning to Explosives to Steal ATM Cash
ATM Attacks: Why We Must Remain Vigilant
John Buzzard's photo of damaged ATM

My recent business trip to San Francisco netted a startling discovery when I spotted a flame-kissed ATM in the city during my morning walk to work. I photographed the ATM and took particular note that the card acceptor was seriously melted and burned by some sort of accelerant-soaked fabric or paper that had been laid against it. The accelerant alone rendered a decent amount of damage.

See Also: Live Webinar | Special Delivery! Defending and Investigating Advanced Intrusions on Secure Email Gateways

This incident is an example of increasing threats to ATMs in both the United States and abroad, as criminals attempt to blow up ATMs in a quest for speedy cash.

I discovered the damaged ATM shortly after I had finished reading BankInfoSecurity's article, Attackers 'Hack' ATM Security with Explosives, which outlined the destruction reported by the European ATM Security Team - 492 explosive attacks have been reported in Europe since the beginning of 2016.

All of these attacks involved solid explosives and/or explosive gases. You simply can't make this stuff up unless you are a professional script writer pitching your next big action adventure drama to a studio.

Explosives are scary, and I am concerned from a security and safety perspective. Situational awareness is key here. Cardholders, vendors and employees could easily be at risk if exposed to an explosive attack, but I take comfort in the fact that the majority of these vandals do their work during non-peak hours, so the risk of harming an employee or customer would be rare.

I recently had the pleasure of speaking with a credit union colleague in North Carolina who immediately shared my concern over the dangerous and dramatic methods that criminals are using today to gain entry into our ATMs. She pointed out that the industry has seen a shift from physical ATM security threats, such as ram raids and card skimming, to more serious criminal destruction from explosives. Her exact comment was: "The days of only worrying about someone wrapping a chain around your ATM and dragging it off are over."

Criminals today are bold, technologically savvy and, in some cases, armed with explosives. I don't think that we will ever see all of our physical risks shift entirely to the threat of accelerants and explosives. But clearly we have to add this to our threat matrix and prepare to at least properly identify the trend as it emerges in the marketplace. Let's not forget other risks:

ATM Ram Raids

These attacks are still incredibly popular in Europe and Australia, but they show up regularly in the U.S. as well. The ATM Industry Association has often pointed out that ram raids are the one the leading threats to ATMs worldwide, second only to card skimming.


Criminals have been quietly testing their ability to physically manipulate and re-program ATMs in Europe, Mexico and the U.S. in recent years. This is how a "jackpotting" attack is waged. Once reprogrammed, ATMs can be controlled by hackers and instructed to spit out cash on-demand or at specific times of day.

Chip Skimming Prototypes

The emergence of periscope skimmers, which are undetectable on the surface, is another concerning trend. These skimmers are installed inside the ATM, usually by accessing the device's enclosure with a universal or stolen key, to capture card numbers after cards are inserted into the ATM's reader. And card-reading "shimmers," which have been found to defeat EMV chip technology designed to prevent skimming, prove criminals are progressively experimenting with technology as a weapon.

In a shimming attack, a shimmer is placed inside the ATM's card reader to intercept communications between the chip card and the chip reader. Information that can be intercepted includes personal account number and expiration date. ATM security experts have pointed out, however, that card information compromised via a shimming attack only pays off for fraudsters if issuing banks fail to appropriately authorize their card transactions. Because EMV chip cards can't be skimmed, if a fraudster tries to duplicate a card with an EMV chip and use it for purchases, the bank should catch it.

My advice to banks is to be observant, educate your employees and, by all means, report unusual instances of extreme ATM damage and attempted robbery to the appropriate authorities in your area. We cannot prevent every attack. But we can be savvier and more prepared with our defense battle plans.

About the Author

John Buzzard

John Buzzard

Fraud Subject Matter Expert, NICE Actimize

John Buzzard is nationally recognized financial industry fraud and security expert and has just recently joined the NICE Actimize team. He has influenced the card fraud, risk and security services for financial institutions throughout the United States through research, writing whitepapers, public speaking and consulting. With more than twenty years of experience, John helps clients resolve problems within the areas of fraud, security and risk management. He understands the fine balance between protecting an enterprise while delivering customer experiences with reduced friction. John combines his inquisitive approach to understand the new threats that are impacting the financial services industry with actionable insights on how to mitigate the risk.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.