National ATM Council Warns Of Criminal Tampering Attacks In CA

Posted On: 11/2/2018


JACKSONVILLE, FL -- The National ATM Council warns that a number of retail automated teller machines in California have been compromised over the past month. The attack involves installing a hardware modification that presents a spurious transaction reply message falsely indicating approval, and thus causes cash to be dispensed to the perpetrator.

The council was alerted to these attacks by several reliable industry sources. They explained that the scam is being accomplished by criminals who open the upper ATM housing and install a "rigged" device that alters the transaction response message returned by the card issuer to the terminal. This effectively turns a "denial" into an "approval" message, tricking the terminal into dispensing the cash.

"This scam appears to be taking advantage of an unencrypted communications link vulnerability somewhere between the wireless modem and the ATM terminal," the council suggested. "To protect against this scam, sources are advising operators to program their ATMs to implement SSL (secure socket layer) encryption, whether the terminal is using a hard-wired or a wireless data connection as its communications modality."

Operators should check their ATMs' upper housings for signs of tampering, and make sure they're locked – "and not using standard default lock and key settings," the trade association recommended. Operators also might consider changing the upper locks.

The association further advises operators that, if they're not confident that the upper housings are secure against intrusion, it may be necessary to reprogram the terminals to route communications directly to the Host Processor (the same as with a local Internet connection). This requires use of TLS 1.2 (Transport Layer Security) protocols.
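
As an added illustration (not code from the council or from any ATM vendor), the Python sketch below audits a TLS client configuration against the requirement above: a TLS 1.2 floor, plus verification of the host processor's certificate and name, so that the far end of the encrypted link is authenticated rather than merely encrypted. The function names and the host/port parameters are assumptions made for the example.

```python
import socket
import ssl


def hardened_context(ca_file=None):
    """Client context: TLS 1.2 or newer, certificate and host name verified."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # refuse anything older
    return ctx


def weak_context():
    """The configuration to avoid: encrypts, but accepts any peer and old protocols."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE                   # peer certificate never validated
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit(ctx):
    """Return a list of findings; an empty list means the context meets the bar."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("host certificate not verified")
    if not ctx.check_hostname:
        findings.append("host name not checked against certificate")
    return findings


def open_host_link(host, port, ctx, timeout=10):
    """Open a link to the host processor (hypothetical host/port), only if ctx passes."""
    problems = audit(ctx)
    if problems:
        raise ValueError("refusing to connect: " + "; ".join(problems))
    raw = socket.create_connection((host, port), timeout=timeout)
    # The handshake fails here if the certificate or name does not validate.
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    print("hardened:", audit(hardened_context()))
    print("weak:    ", audit(weak_context()))
```
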

"Please contact your manufacturer/distributor/supplier/ISO for further details on this issue and what specific action may be required in your situation," the council advises. "Although this scam has been reported thus far as only occurring in California, we know how trends such as this can and do spread across the nation ... and so, vigilance is in order."

The council has notified law enforcement of the situation, and promises to keep the industry informed as new information becomes available.

The National ATM Council can be reached by calling (904) 683-6533 or emailing mail@natmc.org.