Payment Alliance Assists U.S. Secret Service To Counter ATM Attacks

Posted On: 2/14/2019

  • Printer Friendly Version
  • Decrease Text SizeIncrease Text Size
  • PDF


LOUISVILLE, KY — Payment Alliance International (PAI), the nation's largest privately-held ATM provider, is collaborating with the United States Secret Service and local law enforcement agencies to detect and strike back at "man-in-the-middle" attacks on automated teller machines. Using proprietary real-time reporting software, PAI can alert officials of potential attacks while they are in progress, enabling criminals to be apprehended on the spot.

PAI recently identified a Central Florida attack in progress and assisted law enforcement officials to capture the suspects while they were fleeing with an undisclosed amount of cash – and the device used to commit the crime. Three individuals were arrested for emptying an ATM entirely of its vault cash. They are allegedly responsible for similar fraud activity at  ATMs throughout Florida.

In recent months, ATMs across the country have come under siege. To conduct a "man-in-the-middle" attack, criminals install foreign hardware between an ATM and its wireless communication box, altering vital settings so cash is dispensed incorrectly. It is unknown how many attacks have occurred nationwide or the amount of vault cash stolen, but PAI is convinced that tens of thousands of dollars have been lost.

"Nobody in the ATM industry has the capabilities we have developed to stop ATM fraud like 'man-in-the-middle' attacks, and I couldn't be prouder of our team," said PAI chief executive Neil Clark. "Our customers can sleep well at night knowing we have sophisticated tools to help identify, track and stop fraud."

Customers with PAI wireless communications can remotely update settings with the company's proprietary eRMS program to prevent this type of fraud.

Operators of Internet-capable ATMs that employ wireless devices for transaction communication can take a series of steps to mitigate the risk of a "man-in-the-middle" attack, PAI explained.

First, the user programs the ATMs with TLS (Transport Layer Security) 1.2 and enables certificates to ensure that the proper encryption standards are being used to communicate directly with processors.

Second, the ATM operator makes sure that the system's software is up-to-date, with the latest versions in use and all new security features enabled.

Third, the user inspects ATMs in the field to look for tampering, and to confirm that the wireless units are secure, with no foreign devices present.

Fourth, the operator should find and procure technology that detects fraudulent activity as it's happening.

Interested parties may telephone PAI at (877) 271-2627, extn. 4526 to learn more.

Payment Alliance International (PAI) is the nation's largest, privately-held ATM provider, offering processing and maintenance services, equipment sales and support as well as ATM branding opportunities. PAI also offers revenue-generating, value-added solutions and customized partner programs designed to increase customer profitability, reduce operational expense and maximize uptime. Headquartered in Louisville, KY, the company maintains offices around the country. Payment Alliance is online at GoPAI.com.