ITM and ATM Fraud Surge
Posted: Dec 13, 2024 | Author:
Cornerstone League
Credit unions in our region are reporting an increase in Interactive Teller Machine (ITM) and Automated Teller Machine (ATM) fraud.
ITMs
ITM fraud is done primarily using counterfeit debit cards. Skimming devices and cameras are used to capture debit cards and PINs; or fraudsters are entering the member’s SSN, date of birth, and account number to access accounts. ITM transactions are processed using core systems, often allowing for larger withdrawal limits and access to multiple accounts, such as savings, checking, and HELOCs. Fraudulent transactions are performed after hours using a self-service option.
Please consider implementing the following security measures:
Ensure all ITMs are EMV-enabled and block fallback transactions.
Eliminate ATM-only cards due to lack of EMV security.
Lower daily dollar limits.
Ensure your ITM vendor utilizes skimming and foreign device detection technology and, if detected, that the terminal automatically shuts down.
Perform daily inspections, including opening the machine to inspect for deep insert skimmers.
On the ITM self-service option:
Do not allow SSN, date of birth, or account number as a form of authentication.
Implement multi-factor authentication, such as a one-time passcode sent to their device.
Consider requiring additional forms of authentication, such as an ID scanned into the ITM.
Limit cash withdrawals to one transaction per day.
Do not allow access to HELOC accounts.
Limit self-service hours of operation and require a video teller when available.
Review reports daily to watch for abnormal activity.
Educate members regarding risk and encourage them to report any signs of tampering to the credit union.
ATMs
Fraudsters are attacking the physical terminal by installing malware through the top hat. The ATM top hat is either pried open using a tool or by obtaining a universal key to access. Physical attacks are typically carried out at night or on the weekends to evade detection.
Please consider implementing the following security measures:
- Ensure your operating system and software are current and follow password management best practices.
Ensure all ATMs are EMV-enabled and block fallback transactions.
Set ATM daily dollar withdrawal limits.
Limit the amount of cash loaded into the machine.
Change out the universal key used to access the top hat and ensure there are appropriate locking mechanisms.
Ensure your ATM vendor utilizes skimming and foreign device detection technology and, if detected, that the terminal automatically shuts down.
Add an alarm to the hoods of the machine that connects to your alarm system, and consider adding an audio warning and/or flashing light if disturbed.
Ensure hard disks are encrypted.
Implement real-time monitoring of security, such as when ATM goes offline, as that can be a sign of tampering.
Perform daily inspections, including opening the machine to inspect for deep insert skimmers.
Work with your vendor to ensure they have security protocols to prevent jackpotting (i.e., cashing out ATMs).
Educate members regarding risk, and encourage them to report any signs of tampering to the credit union.
