3 Ways Financial Institutions Can Secure their ATMs for COVID-19
During times of crisis, crime has a tendency to increase. This is especially true for locations known to carry large quantities of cash – like ATMs. The COVID-19 pandemic has been no different. Mass unemployment in a country where 78% of workers live paycheck-to-paycheck is a recipe for hardship.
ATMs create a high level of convenience for bank and credit union account holders, especially in times of crisis. Prior to COVID-19, ATM crime was already on the rise. In the first few months of 2020, for example, we saw an uptick in ATM thefts in St. Louis, Chicago, Baltimore and other major cities, as well as bombing of ATMs in Florida.
However, criminals can easily see them as unattended cash vaults with both physical and electronic vulnerabilities. Enterprising villains may take note of the computer component of a machine and use malware and other network means to access the cash inside. Those lacking technical knowledge might resort to more physical attacks to get at the cash inside.
Here are three ways financial institutions can help deter a variety of ATM attacks during the COVID-19 pandemic and beyond.
1. Dye Packs – Dye packs are widely used in many European countries, which have been dealing with increased physical attacks for much longer than U.S. financial institutions. According to Patrice Rullier, Managing Director for Oberthur, at his session on physical ATM attacks at the ATMIA US Conference 2019, dye packs stand out as a tactic that has successfully been used to decrease ATM attacks in Europe and other parts of the world.
The use of dye packs renders the notes unusable. As a result, the dyed money is often left behind and found with the tampered machine. In many cases, the effectiveness of newer dye pack systems has become so well-known that posted warnings of their presence on a machine can help deter criminals.
Should a machine be breached, the dyed cash can assist with the capture of those individuals responsible for the attack on the machine. In most cases, recovered bank notes can be traded in for replacement funds, reducing the cash lost from a criminal incident.
2. Lock Down ATM Software – The easiest way for a criminal to avoid the dye-pack trap is to gain access to the back-end system running the ATM. Remote hacking attempts rely gaining network access to the ATM backend through a discoverable network. Direct, on-site attacks utilize an exposed USB or other port to plug in an additional device. No matter the strategy, experts agree locking down the ATM software using these steps will help reduce overall risk to any machine.
Remove software that is not necessary for ATM functionality. In cases where removal is not possible, use security tools to restrict the software.
Create a whitelist for application control. Avoid built-in operating system services and applications which are not essential to ATM operation.
Limit the ability to modify registry values, run arbitrary programs and edit files.
Use a software or hardware VPN client located inside the ATM for network access.
Implement a firewall allowing remote access to only the services needed for ATM operation and only allow remote access from whitelisted administrator addresses.
Keep software up to date with the latest versions and patches.
If you have ATMs currently sitting in branches or locations which are closed to the public due to the pandemic, now may be a good time to empty them of cash and temporarily disconnect them from the network to avoid any additional risk.
3. Cameras – Remote monitoring tools such as photographic cameras, CCTV, and video on and around the ATM can help deter criminals and provide identifying information in the event an incident occurs. Even clothing such as face masks used to obscure features can become an identifier if pictures and footage are provided to authorities promptly. Often, the mere presence of surveillance and notifications of monitoring technology can be enough to deter criminal behavior.
With reduced hours, branch closings, and wide-spread financial uncertainty, access to remote banking alternatives such as ATMs is more important than ever. But so is safety. While not a complete list of available security measures, these three strategies are a good start for any financial institution to protect themselves and their account holders in these trying times.
About Yonas Marcos — Yonas Marcos is the President & CEO of Star Financial Services. Born and raised in Addis Abeba, Ethiopia, Yonas came to the U.S. for his college education and graduated from Towson University. In 2007 he founded Star and has grown it into a nationwide financial payment services provider that offers electronic and mobile payments, ATM equipment and processing, ATM branding, ATM outsourcing for financial institutions and mobile event payments. Connect with Yonas via email or on LinkedIn.