The holiday season is in full swing. That means opening up wallets and purses at the point of sale, which often means paying with cash … and cash? Well, that means trips to the ATM. For fraudsters, armed with new technologies, the ATM is fertile ground for fraud.
In an interview with PYMNTS, David Phister, director of systems security product management at Diebold Nixdorf, said that when it comes to combatting fraud, “holiday seasons are always tough.” He noted that ATM skimming and jackpotting — where malicious code or hardware is installed at the machine to coax cash to be spit out on demand — remain among the most significant security concerns into the holiday season.
In terms of detecting the actual mechanics of the fraud involved, though, the job is getting tougher. Phister told PYMNTS that consumers should be especially vigilant about inspecting machines for “false bezels,” which are typically fixed over the card reader or other parts of the ATM, and which can house tiny “pinhole” cameras that record PINs as they are entered on keypads.
Another tactic involves the use of razor skimmers, which he described as part of the newest wave of fraud. They are, well, razor-thin inserts that fit within the card acceptance slot, and read the data housed within the magnetic stripe of cards inserted into the hacked ATM.
Consumers should be aware of even slight differences in the look or feel of the ATMs they use, Phister noted.
“If the terminal does not look or feel right, it’s probably not,” he said. “In many cases, the fraudsters’ devices are wireless-enabled, so data is very quickly extracted so they can use it to create fake cards.”
In the effort to combat bad actors who would compromise ATMs, financial institutions must strive to deploy innovative sensing technology to improve defenses against malicious activity. He said that some financial services firms are shoring up protections around the magnetic stripe, while others are enhancing authentication technologies tied to contactless or cardless transactions, specifically in mobile devices, which eliminate the use of magnetic stripes entirely.
Some of Diebold Nixdorf’s own latest technology, said Phister, integrates sensors inside card readers to detect the insertion of skimmers — and, upon detection, stop and disable those efforts.
Turning to payment card industry (PCI) compliance, he noted that such mandates exist as a first step to securing payments. However, though much progress has been made in the past decade, more progress is needed.
“Whether it’s in the retail space [or] in the ATM space, raising the bar on collaboration, establishing the standards and attempting to enforce the standards is step number one,” he said. Financial institutions, he added, can do a better job of maintaining hardware configurations and software patches as they strive to improve security.
Looking ahead, Phister said the evolution of the ATM will move beyond the current predominant scenario of cash dispensing. There will be more versatility seen in the machines themselves as they connect consumers and devices across channels, mobile commerce and contactless payments. He noted that partnerships with Mastercard and other entities will help establish designs and architecture that integrate technologies to enable secure consumer interactions.
There’s another line of defense, too, that goes beyond the on-site premises where the ATMs are deployed. Phister pointed to the Diebold Nixdorf Global Security Portal, which enables stakeholders in the financial services ecosystem to collaborate, and share information about new attacks around the globe — before they spread.
“The more information we share, and the faster we share it, between our customers, our partners and even local law enforcement,” he told PYMNTS, “the more effective and agile we all can be against fraud.”