Bank ATMs Are Easy Target for Criminals

ATMAs if banks didn’t have enough problems to worry about, a recent government report reveals that theft from ATM machine was become a widespread problem.

The alarm bell on ATM fraud was sounded by an organization that most Americans have never heard of – the Federal Financial Institutions Examination Council (FFIEC) – which acts as a regulator of other numerous regulatory bodies.   The FFIEC is empowered to prescribe consistent standards for the examination of financial institutions by such powerful regulatory agencies as the FDIC, the Federal Reserve, Consumer Financial Protection Bureau and the Office of the Comptroller of the Currency.

According to the FFIEC access to ATMs is gained through cyber attacks which allow criminals to change settings on web based control panels which among other things limit the amount of daily withdrawals. Even more insidious is the ability of hackers to change control settings which allow them to steal funds in excess of the balance in  customer accounts.  The Secret Service describes this type of fraud as “Unlimited Operations” which can result in serious losses to banks.

Criminals in possession of stolen debit or bank cards and passwords frequently send out gangs that in a short period of time are able to steal millions of dollars before the banks are able to figure out that their systems have been hacked.   A recent Unlimited Operation resulted in the theft of an astonishing $40 million in which criminals used only 12 debit card accounts. The problem is more prevalent with small and medium sized banks which lack the necessary resources to properly secure their ATM web access sites.

The FFIEC listed steps that institutions will be expected to take to guard against hacking attacks on ATM and card authorization systems and distributed denial of service attacks on public websites.  Banking institutions are expected to take action against cyber attacks by reviewing card issuer authorization systems, fraud detection processes, ATM usage parameters and the adequacy of information technology networks.

The attacks on ATMs, especially for smaller banks, can be so sudden and large that an institution can be subjected to liquidity and capital losses large enough to result in failure.

The risk of losses to banks from cyber fraud is not likely to subside.  Numerous hacker attacks at large retailers such as Target have resulted in millions of compromised debit and credit cards which can be used to plunder a bank by accessing the ATM systems.  With constant news of successful new hacker attacks almost daily and considering the incredible amount of profits that criminals are reaping, it is unlikely that banks will ever be fully protected from loss regardless of what security measures they implement.


  1. Maybe if retailers like Target didn’t store card info on their servers, hackers wouldn’t get any useful data.

Speak Your Mind