Open A Service Order 800-423-3343 (EDGE)

ATM Hardware Archives - Financial Equipment for Retail & Financial Institutions | Edge One LLC

ATM & ITM Hook and Chain Attacks are Not Going Away

Hook with Cash - Hook and Chain Attacks Cost You Money

A year ago, we featured a post that spoke to an increase in ATM hook and chain attacks. We wish we could tell you it is all behind us. However, these physical attacks on ATMs and ITMs have not stopped. We continue to see banks and credit unions suffer costly thefts and damages. Sometimes the thieves are successful at gaining access to the cash, sometimes they are not. But either way, damage is done. It is important that we continue to spread awareness of these hook and chain attacks and provide ways that financial institutions can remain diligent and protect their assets.

What happens during a hook and chain attack?

For an ATM hook and chain attack, criminals target freestanding outside lane drive-up units. This allows vehicles to pull close and hook through the depository and dispenser slots. The thieves attach a large hook through, attached with a heavy chain to the back of their vehicle. Once connected, they accelerate. The goal of these attacks is for the force of the acceleration to open the ATM and safe door. Regardless of whether the thieves gain access to the safe, the attempt rips the ATM from the island. This results in damages to the ATM or ITM beyond repair.
These attacks usually occur late at night or early morning hours. With the thieves ultimately abandoning the vehicle used in the attack, as it is either stolen or rented, and take off in another vehicle standing by. These hook and chain attacks take professional thieves less than 2 minutes to pull all the cassettes from an ATM.

Hook on Chain - ATM security to protect against hook and chain attacks

What can I do to protect my ATM or ITM?

Thieves continue to show determination to find ways to gain access to ATM cash stores. Fortunately, there are a couple of preventative measures that you can take to help deter would-be thieves from attempting an attack on your ATM or ITM. We will discuss a couple of Edge One’s product offerings that will provide your financial institution with an added layer of security.

NCR Safe Slot Reinforcement Kits - Protect your ATM from Hook and Chain Attacks

NCR Safe Slot Reinforcement Kits

Designed as a countermeasure to hook and chain attacks, these kits remove all available space around the depository and dispenser slots, while reinforcing the surrounding area. Each ATM requires two kits to ensure total protection.

Security Gate from TPI - Protect Your ATM

ATM Security Gate

There are a variety of security gates available designed to help protect your ATMs from theft. Depending on the manufacturer, the security gate can attach to the concrete island or a slimline enclosure, similar to a kiosk. These gates use strong materials that come in a variety of colors to coordinate with your institution’s existing structure.

Contact us today to secure your ATM or ITM

Don’t leave your ATMs or ITMs vulnerable to a costly physical attack. The expert team at Edge One can provide you a no-obligation risk assessment and help you establish a plan of action to ensure your machines are safe. For more information about these, as well as other security offerings, Contact the team at Edge One at 800-423-3343(EDGE).

ATM Jackpotting – What You Need to Know

ATM jackpotting isn’t new. Back in 2010, a security researcher named Barnaby Jack took to the stage at a Black Hat security conference to demonstrate this ATM exploitation, making two ATMs dispense fake paper currency. It would be 8 years later when the first ATM jackpotting attack would occur in the United States. Now, this form of ATM attack is on the rise. So, what exactly is jackpotting and what can you do to protect your ATM investment?

What is ATM Jackpotting?

With ATM Jackpotting, thieves typically target stand-alone or retail ATMs in locations that help them avoid a bank’s security. They will often dress as a service technician and access the ATM using force or keys that are purchased easily on the internet. Once they have gained access, the criminal can connect to the ATM and install malware that enables theft of the cash reserves. They will often have an accomplice that will visit the ATM once they have left to collect the cash.

Laptop Keyboard with Hacked Key - Protect your ATM from jackpotting with Edge One

How do I protect my ATM from jackpotting?

While cyber criminals continue to look for vulnerabilities, there are several things that an ATM owner can do to help mitigate their risk. These low-cost, simple practices can help avoid being left vulnerable to cyber jackpotting attacks.

Security camera - Secure your ATM

ATM Placement

These thieves are on the lookout for ATMs that allow them to get in and gain access without detection. Unfortunately, many retail establishments will leave their ATM in a dark area in the back of the store or restaurant. It is important to place your ATM in a well-lit area that is easily monitored by staff and security cameras. Be sure to place security cameras with angles that provide a clear view of both the back and the front of the machine.

Software Updates

ATM manufacturers release regular software updates and related modifications that ensure ATMs stay ahead of potential risks and emerging threats. Old, outdated ATM software leaves your machine open to a variety of issues, jackpotting included. It is important that you install software updates as soon as possible after release.

Know your technicians

Familiarize yourself with the company responsible for the maintenance, replenishment and updating of your ATMs. Get to know their vehicles, uniforms, and your assigned technicians. Do not be afraid to ask for identification. Your ATM management company should be forthcoming and communicative so that you can stay informed of any changes in schedule or assignments.

Contact Edge One to Protect Your ATM Assets

The Edge One team can provide you with a free risk assessment to determine any vulnerabilities that may be present. Our team of professionals will provide a plan of action to ensure your ATMs are up to date, safe, and secure. For more information, Contact the team at Edge One at 800-423-3343(EDGE).

Upcoming PCI / EPP Compliance Mandates

In 2019, PCI (Payment Card Industry) announced new revisions for PCI PIN security requirements. PCI’s function is to set standards that ensure secure handling of customer PINs and data. PCI planned for a phased implementation of updates to provide a more secure method of transferring encryption keys from an ATM’s host processor to the ATM. Circumstances, such as Covid-19, resulted in an update to the compliance deadline dates. The dates below reflect these changes.

PCI PIN Security Requirement Dates:

  • December 31, 2022: Replace ATMs or upgrade EPP for ATMs with PCI PTS v1 or older
    (v1 EPPs are Less secure technology)
  • January 01, 2025: EPP hardware, firmware and software uses TR31 Phase 3 “Key Blocks”

Are your ATMs compliant?

In order to ensure the integrity of your ATMs, the current hardware and software needs an update. Failure to do so leaves your ATMs vulnerable. These vulnerabilities include risk of fraud, security attacks, data compromises and loss of revenue. As an ATM owner, the ATM networks consider you liable for any fraud or data breach involving your ATM. You could assess penalties or have any non-compliant ATMs shut down.

What actions should you take to ensure your ATMs are ready?

Prior to January 1, 2025, all ATMs will require, at a minimum, a software update. In addition, you may be required to replace your electronic PIN pad (EPP) or your ATM entirely. If you own or operate an ATM, do not leave this to chance. Contact the team at Edge One at 800-423-3343(EDGE). We will help audit your ATM fleet to ensure you are updated and compliant.

,

Cencon Lock Product Update

Alert Icon - Potential Alarm Override at ATMs

Potential Alarm Override at ATMs

Edge One has been made aware of a potential security vulnerability that could exist for customers deploying the DormaKaba Cencon locks, installed on your ATM or ITM, configured with the optional SHUNT feature. If the SHUNT feature is enabled, access to your ATM/ITM safe, generally after hours, would be allowed with the alarm being bypassed when a correct combination and smart key are used on the Cencon lock. Specialized tests have shown, however, that this signal can change state with relatively low-level vibration or impact, which could compromise the intended security of the lock, depending on how the SHUNT function has been configured. Meaning, if your DormaKaba Cencon lock is impacted or tampered with in a certain way there is potential to disarm the alarm without any sort of key or combination.

Due to the serious implications of inaccurate alarm signals reporting, Edge One recommends that customers apply remediation to mitigate against this issue.

This will not impact you if ANY of the following are true:

  • The ATM/ITM does not have a DormaKaba Cencon lock.
  • The ATM/ITM safe is not alarmed.
  • There is no afterhours access to the ATM/ITM.
  • You are using an alarm panel at the ATM/ITM to disable the alarm.

You may be impacted if:

  • The ATM/ITM is alarmed and does not have an alarm panel or box to disable the alarm.
Alert Icon - Potential Alarm Override at ATMs

Edge One Recommendations

Edge One recommends that customers determine if they are impacted by the potential alarm override. If it’s determined that you may be impacted, we recommend reaching out to your alarm and security vendor. They will need to configure the DormaKaba SHUNT feature to use the burglar switch rather than the lock shunt.  Feel free to supply them the attached diagram and instructions.

This recommended remediation will require a site visit to each impacted terminal by your alarm vendor during which they will require access to the safe. Note: DormaKaba, Kaba Mas and Mas Hamilton all refer to the same product.

If you have questions, feel free to contact your Edge One Financial Solutions Specialist.

ATM Security – What You Need to Know

The Word Security on Screen - ATM security

ATMs have long been a prime target for criminals.  ATMs deliver cash, credit and debit bank accounts, and as technology advances, they can serve even more functions than before.  For thieves looking for quick cash, ATM crime can be enticing. This means that financial institutions and retailers are constantly fighting attacks. Edge One wants to ensure you are informed when it comes to the different types of ATM security threats and the weapons available for their defense.

Image of a Chain - Hook and Chain Physical ATM Attacks

Physical ATM Attacks

These attacks involve thieves using brute force to gain access to the ATMs. A few of the more common types of physical attacks are:

  • Hook and Chain
  • Ram-raid / Pull-out
  • Cash Trapping
  • Explosive / Gas Attacks

Freestanding drive-up ATMs are particularly vulnerable to these attacks. We are seeing an increase in frequency in these physical ATM attacks here in the U.S. Luckily, there are options for protecting your ATMs.

Logical ATM Attacks

As ATM technology advances, so do the methods criminals use to gain access to the funds they contain. Logical attacks are instances where criminals use electronic devices or malware to gain access to the ATM.

These attacks can include:

To protect yourself from logical attacks, it is critical that all ATM operators remain proactive and vigilant.

The Word Security on Screen - ATM security

Plan Your Defensive Strategy

The most effective ATM security strategy for your fleet is a through a comprehensive, multi-layered approach. The team at Edge One can provide you with a vulnerability assessment and develop a plan to mitigate your risks. Contact Us at 800-423-3343(EDGE).

Hook and Chain ATM Attacks – Are You Protected?

Hook and Chain with a blue sky - Hook and Chain ATM Thefts

ATM crime is nothing new. For years thieves have used methods such as tampering, skimming, and robbery. But as ATM security evolves, so do the techniques used by these criminals. We are currently seeing a rise in the frequency of a type of assault on ATMs called “hook and chain” attacks. These physical attacks on the ATMs can be dangerous and costly. It is important that your financial institution plans your defenses accordingly. Edge One can help.

Hook and Chain with a blue sky - Hook and Chain ATM Thefts

Hook and Chain Attacks

Using a vehicle, criminals target ATMs for this brute force attack. These attacks usually happen from late at night to early morning hours. The perpetrator attaches a large chain or cable to the ATM and accelerates. The force allows them to force open ATM safe doors. These attacks take less than 10 minutes. Even if they are not successful in opening the ATM, the resulting damage can be extensive. Freestanding, drive-up island ATMs are particularly vulnerable to these attacks.

Protection For Your ATM

Edge One can offer a solution to help protect your ATM from these attacks. Through a hardware solution from NCR, ATM criminals can be deterred.

Safe Slot Reinforcement Kits

Safe Slot Reinforcement (SSR) Kits have been designed as a counter measure to “hook and chain” attacks. These kits remove all available space around the dispenser and deposit slots while reinforcing the area around them. This makes it more difficult to damage the module transports and subsequently insert a hook through gaps in the safe door.

Each Upgrade Kit has been uniquely designed to fit around each model. Each ATM requires two kits to ensure total protection. The SSR kits are discreet, as they are not visible once the fascia is closed.

Close up of ATM dispensing slot - ATM Security

Protect Your ATM

At Edge One, your ATMs security is our top priority. We are dedicated to providing you with the best security solutions. For more information about our SSR kits, as well as other security offerings, Contact Us at 800-423-3343(EDGE).