ATM Company Working With Secret Service to Stop Attacks

A privately held ATM processing and management company is collaborating with the U.S. Secret Service and local law enforcement agencies to stop so-called man-in-the-middle attacks against ATMs, according to a press release from the company.

Louisville, Ky.-based Payment Alliance International (PAI) said it plans to use proprietary real-time reporting software to alert the agencies of potential attacks in progress so that they can catch criminals in the act.

Man-in-the-middle attacks on ATMs typically involve criminals embedding devices on ATMs in order to intercept the terminals’ connections to their wireless communication boxes. The goal is to change the ATMs’ settings so that they will dispense cash.

“PAI recently identified a Central Florida attack in progress, aiding law enforcement officials in apprehending the suspects while they were fleeing with an undisclosed amount of cash and the device used to carry out the crime,” the company said. “Three individuals were arrested for emptying an ATM entirely of its vault cash. They are allegedly responsible for similar fraud activity at numerous ATMs across Florida. In recent months, ATMs across the country have come under siege.”

Payment Alliance International said the number of man-in-the-middle attacks that have occurred in the United States is unknown but that certainly criminals have stolen tens of thousands of dollars.

Man-in-the-middle attacks don’t require a high degree of technical knowledge to execute, according to the European Agency for Network and Information Security.

“There are plenty of tutorials and step-by-step guides available on the dark web to make things easier for them. Still, these attacks require a certain level of physical access to the ATM and criminal’s identity exposure to pull it off.”

Man-in-the-middle attacks aren’t the only threats that credit unions and other ATM operators have been facing, of course. In August, for example, reports surfaced of FBI warnings to financial institutions regarding other kinds of so-called jackpotting attempts. Those crimes often involve installing malware on the computers that govern ATM cash dispensers. The criminals then direct the ATM to release cash.

Although the growth in man-in-the-middle and jackpotting attacks may reflect a shift away from the use of magnetic stripes among consumers and ATMs, skimming, which involves installing a device on the ATM in order to steal card information and PIN numbers, has also been keeping ATM operators busy.

Skimming was the second most common form of data breach in 2018, according to a recent report by Richmond, Virginia-based breach-intelligence firm Risk Based Security. Criminals are also engineering skimmers to be smaller, easier to install and harder to detect.