The Threat: Jackpotting
ATM jackpotting is becoming an epidemic and something that all financial institutions must be protected from. Criminals use malware to gain full control of the ATM hardware devices like dispensers, card readers and pin pads, allowing them to steal huge amounts of cash without having to use a credit or debit card. There is a need within the community to combat this vulnerability.
As a starting point, banks must do at least 3 things to be protected from this type of attack:
- All hard drives must be encrypted.
- Financial institutions must have a managed services agreement with the ATM vendor.
- All operating software must be properly maintained up to the minute.
Even with all these measures taken, the machine may still be vulnerable.
When ISG was brought in to help a client, we got right to work.
Within hours of learning of the attacks ISG began to gather intelligence on the crime and the impact it could have on the client’s customers. We consulted with one of the world’s largest manufacturers of ATM machines and software and learned that the solutions described above might not stop the crime and were cost- and time-prohibitive.
Armed with this knowledge, ISG developed a new, more effective set of protections. We began to test ways to harden the security both physically and created a solution that included the addition of high-security devices and electronically through programming and sequence of operation to identify the vulnerable portions of these ATMs.
ISG’s solution is not able to be defeated without generating an alarm and an immediate police response, and it works seamlessly with no significant change in procedure by bank staff or cash service vendor including armored couriers. It indirectly creates an even more secure and supervised environment around the use or access to the unit then normally employed.
Additionally, the ISG solution provides immediate awareness through its redundant central station alarm monitoring platform with a series of available notifications if the unit has been accessed or closed up incorrectly, including phone call notification, SMS or push notifications, email, and police dispatch.
Flexible, fast and effective solutions to promote safer and more secure environments.