How to Ensure Protection Against ATM Jackpotting
Of late, cybercriminals have been showing an increasing trend to target ATMs, all across the world. They employ different methods to target ATMs, most of which are potentially good targets owing to the high volume of cash available plus the low security.
ATM jackpotting is one of the popular methods that cybercriminals employ to attack and rob ATMs. Jackpotting happens when hackers install malicious software and/or hardware into ATMs and thereby force the machines to spit out cash.
As for the U.S, ATM jackpotting is just a year old now; the first jackpotting attack in the U.S had happened in January 2018. In other parts of the world, especially in different places in Asia and Europe, jackpotting was already prevalent. Now, ATM operators, as well as banks in the U.S, are gearing up to protect themselves against ATM jackpotters.
Let’s discuss today the different things that can be done to protect ATMs from jackpotting attacks. Here we go:
Make ATMs less vulnerable- Making ATMs less vulnerable to jackpotting attacks is the first step. Remember, ATM jackpotters would most likely target stand-alone ATMs in places like airports, pharmacies etc. Make sure these are properly guarded.
Do away with legacy software- Do away with legacy software, which would pose big risks to ATMs. Always go for the most advanced, upgraded software, which would ensure comprehensive security. Ensuring that the firmware and the OS in an ATM are all updated regularly.
Focus on the individuals, teach and train them- Individuals always play a key role when it comes to cybersecurity. Here, as regards ATM jackpotters, the key people who could contribute to making things secure are the bank employees and the users (the account holders).
Hackers can target an employee of a bank, steal his authorized credentials and then plan some malware on the ATM server. This could help them steal money easily from the ATM. Hence, it becomes important that bank employees are taught the key principles of cybersecurity. They should also be given proper training, especially as regards the best cybersecurity practices so that they don’t fall victim to the strategies that hackers employ to lure them into downloading malware or giving away their authorized credentials.
Coming to the users or the account holders, it’s important that they are taught how to do secure ATM transactions and avoid falling prey to ATM hacks.
Application whitelisting helps- Banks can implement application whitelisting to block the executing of malware, which would thus help prevent ATM jackpotting.
Issuing custom keys and code signing is effective- Issuing custom keys and code signing of ATM transactions could definitely help banks secure all ATM transactions.
Basic security measures like strong password and two-factor authentication help- Strong password requirements and the implementation of two-factor authentication are among the most basic of security measures that need to be adopted by all kinds of organizations. With banks too, this is important. Advanced authentication methods, including using a mobile identity application to authenticate transactions, could be very effective.
No compromise, please! – With chip-based ATM cards being introduced, ATM transactions have become securer. Similarly, cardless ATMs are also adding to the security of ATM transactions. Still, it needs to be kept in mind that cybercriminals are getting more and more sophisticated themselves with the passage of time and hence, despite such strong security measured being adopted, they could find ways to carry out frauds. Hence, there should be no compromise as regards ensuring the security of ATMs and ATM transactions. Banks could even think of adopting advanced strategies, like embedding digital identities within banking apps, using QR codes etc to ensure comprehensive security.
Julia Sowells958 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.