Recently, the PCI Security Standards Council (PCI SSC) and the ATM Industry Association (ATMIA) issued a joint announcement warning that the growing threat of ATM cash-out (withdrawal) attacks requires urgent and close attention from financial institutions worldwide.
ATM withdrawal attack
ATM cash-out attacks are well-designed attacks in which criminals compromise a bank or payment card processor, manipulate fraud detection controls and alter customer accounts so that cash can be withdrawn from numerous ATMs in a short period of time, with no limit on the amount.
Criminals often “turn ATMs into cash dispensers” by tampering with balances and withdrawal limits, looting the cash held in the machines.
How does an ATM withdrawal attack work?
ATM cash-out attacks require careful planning and execution. Criminal organizations often gain remote access to card management systems in order to change fraud prevention controls, such as withdrawal limits or the PINs of compromised cardholder accounts. Typically this is achieved by inserting malware into the systems of financial institutions or payment processors through phishing or social engineering.
The criminal enterprise can then create new accounts or use compromised existing accounts, and/or distribute the compromised debit/credit cards to a group of people who withdraw money at ATMs in a coordinated manner.
By controlling the card management system, criminals can manipulate balances and withdrawal limits to allow ATM withdrawals until the ATM runs out of cash.
These attacks typically do not exploit vulnerabilities in the ATM itself; cash is withdrawn from the ATMs by exploiting a weakness in the issuing bank’s authorization system.
Who is most at risk?
Financial institutions and payment processors bear the greatest financial risk and are the likely targets of these large-scale coordinated attacks. Such institutions can lose millions of dollars in a very short period of time, and because the attack is highly organized and well planned, it may break out in multiple regions of the world.
What are the best practices for attack detection?
· Velocity monitoring of baseline account and transaction volumes;
· 24/7 monitoring capabilities, including a file integrity monitoring (FIM) system;
· A reporting system that alerts you as soon as suspicious activity is detected;
· Development and rehearsal of an incident response management process;
· Checking for unexpected traffic sources (such as IP addresses);
· Looking for unauthorized execution of network tools.
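The first three detection practices above (velocity monitoring, continuous monitoring of the card management system, and immediate alerting) can be illustrated with a small monitor. The script below is an added example, not code from the PCI SSC / ATMIA announcement: it reads a constructed feed of card-management and ATM authorization events, flags a withdrawal-limit change made without a change ticket or far above the previous value, and flags an account that is cashed out across several ATMs within a short window. The event format, field names and thresholds are assumptions for illustration.

```python
"""Velocity monitoring for ATM cash-out patterns.

Added example, not code from the PCI SSC / ATMIA announcement. It scans a
constructed feed of card-management and ATM authorization events and
alerts on (a) a withdrawal-limit change made without a change ticket or
far above the previous value, and (b) an account cashed out across many
ATMs within a short window. Event format, field names and thresholds are
assumptions for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample feed: one event per line, pipe-separated.
# LIMIT_CHANGE events come from the card management system,
# WITHDRAWAL events from ATM authorization traffic.
SAMPLE_FEED = """\
2024-03-01T10:15:00|LIMIT_CHANGE|acct=2002|by=ops_jane|old=500|new=1000|ticket=CHG-4411
2024-03-01T12:00:00|WITHDRAWAL|acct=2002|atm=ATM-NY-01|amt=200
2024-03-01T18:30:00|WITHDRAWAL|acct=2002|atm=ATM-NY-01|amt=100
2024-03-01T22:03:10|LIMIT_CHANGE|acct=1001|by=svc_batch|old=500|new=500000|ticket=
2024-03-01T22:05:00|WITHDRAWAL|acct=1001|atm=ATM-NY-01|amt=2000
2024-03-01T22:05:20|WITHDRAWAL|acct=1001|atm=ATM-NY-02|amt=2000
2024-03-01T22:05:45|WITHDRAWAL|acct=1001|atm=ATM-LA-07|amt=2000
2024-03-01T22:06:05|WITHDRAWAL|acct=1001|atm=ATM-CHI-03|amt=2000
2024-03-01T22:06:30|WITHDRAWAL|acct=1001|atm=ATM-MIA-11|amt=2000
"""

WINDOW = timedelta(minutes=5)          # sliding window per account
MAX_WITHDRAWALS_PER_WINDOW = 4          # more than this inside WINDOW -> alert
MAX_DISTINCT_ATMS_PER_WINDOW = 3        # this many ATMs inside WINDOW -> alert
MAX_LIMIT_MULTIPLIER = 10               # new limit > old * this -> alert


def parse_event(line):
    """Turn 'ts|kind|k=v|k=v...' into a dict with a datetime timestamp."""
    ts, kind, *fields = line.split("|")
    event = {"ts": datetime.fromisoformat(ts), "kind": kind}
    for item in fields:
        key, _, value = item.partition("=")
        event[key] = value
    return event


def check_limit_change(event):
    """Flag limit changes with no change ticket or an implausible jump."""
    alerts = []
    old, new = int(event["old"]), int(event["new"])
    if not event.get("ticket"):
        alerts.append(("UNAPPROVED_LIMIT_CHANGE", event["acct"],
                       f"changed by {event['by']} without a ticket"))
    if old > 0 and new > old * MAX_LIMIT_MULTIPLIER:
        alerts.append(("ABNORMAL_LIMIT_INCREASE", event["acct"], f"{old} -> {new}"))
    return alerts


def detect(feed):
    """Return a list of (rule, account, detail) alerts for the feed."""
    events = sorted((parse_event(line) for line in feed.strip().splitlines()),
                    key=lambda e: e["ts"])
    recent = defaultdict(deque)   # account -> deque of (ts, atm) inside WINDOW
    limit_changed = set()         # accounts whose limit was touched earlier in the feed
    already_flagged = set()       # velocity alert fires once per account
    alerts = []
    for ev in events:
        if ev["kind"] == "LIMIT_CHANGE":
            alerts.extend(check_limit_change(ev))
            limit_changed.add(ev["acct"])
            continue
        if ev["kind"] != "WITHDRAWAL":
            continue
        acct = ev["acct"]
        window = recent[acct]
        window.append((ev["ts"], ev["atm"]))
        # drop withdrawals that have aged out of the sliding window
        while window and ev["ts"] - window[0][0] > WINDOW:
            window.popleft()
        atms = {atm for _, atm in window}
        burst = (len(window) > MAX_WITHDRAWALS_PER_WINDOW
                 or len(atms) >= MAX_DISTINCT_ATMS_PER_WINDOW)
        if burst and acct not in already_flagged:
            already_flagged.add(acct)
            detail = f"{len(window)} withdrawals at {len(atms)} ATMs within {WINDOW}"
            if acct in limit_changed:
                detail += " (preceded by a limit change)"
            alerts.append(("CASHOUT_VELOCITY", acct, detail))
    return alerts


if __name__ == "__main__":
    for rule, acct, detail in detect(SAMPLE_FEED):
        print(f"{rule:<24} acct={acct} {detail}")
```

On the constructed feed, account 2002 (a ticketed, modest limit change followed by two withdrawals hours apart) produces nothing, while account 1001 raises three alerts: the unticketed change, the thousand-fold limit increase, and the multi-ATM burst that follows it. In production the thresholds would be derived from each institution's own baselines, and the limit-change feed is exactly where file integrity monitoring of the card management system earns its keep.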
What are the best preventive practices?
· Robust system access controls and identification of third-party risks;
· Employee monitoring systems to prevent “inside jobs”;
· Ongoing, continuous phishing security awareness training for employees;
· Multi-factor authentication;
· Strong password management;
· Authentication/approval required for remote changes to account balances and transaction limits;
· Implementation of required security patches in a timely manner (as soon as possible);
· Regular penetration tests;
· Frequent review of access control mechanisms and access privileges;
· Strict separation of roles with privileged access, so that no single user ID can perform sensitive functions;
· File integrity monitoring software, which also serves as a detection mechanism;
· Strict and complete compliance with PCI DSS.
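Two of the preventive practices above, approval for remote balance and limit changes and separation of roles so that no single user ID can perform a sensitive function, can be enforced in the card management system itself. The gate below is an added example, not code from the announcement or from any vendor: a change is applied only when an operator requested it, a different user holding the supervisor role approved it, and the approval is still fresh; every decision is written to an audit trail that the monitoring side can consume. The role directory, user names, account data and approval lifetime are assumptions for illustration.

```python
"""Dual-control gate for remote balance and limit changes.

Added example, not code from the announcement. A change is applied only
when an operator requested it, a different supervisor approved it, and
the approval has not gone stale. Roles, users, accounts and the TTL are
assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed role directory; in practice this comes from the IAM system.
ROLES = {"ops_jane": "operator", "sup_raj": "supervisor", "svc_batch": "service"}
APPROVAL_TTL = timedelta(minutes=30)   # approvals older than this are stale
CHANGEABLE_FIELDS = {"limit", "balance"}


@dataclass
class ChangeRequest:
    acct: str
    field_name: str          # "limit" or "balance"
    new_value: int
    requested_by: str
    requested_at: datetime
    approved_by: Optional[str] = None
    approved_at: Optional[datetime] = None


class ChangeGate:
    def __init__(self):
        self.audit = []      # list of (outcome, acct, detail)

    def approve(self, req, approver, now):
        """Record a supervisor's approval; the requester may never self-approve."""
        if ROLES.get(approver) != "supervisor":
            raise PermissionError(f"{approver} is not a supervisor")
        if approver == req.requested_by:
            raise PermissionError("requester cannot approve their own change")
        req.approved_by, req.approved_at = approver, now
        self.audit.append(("APPROVED", req.acct, f"{req.field_name} by {approver}"))

    def _rejection_reason(self, req, now):
        if req.field_name not in CHANGEABLE_FIELDS:
            return f"unknown field {req.field_name}"
        if ROLES.get(req.requested_by) != "operator":
            return f"{req.requested_by} lacks the operator role"
        if req.approved_by is None:
            return "no approval recorded"
        if ROLES.get(req.approved_by) != "supervisor" or req.approved_by == req.requested_by:
            return "approval does not satisfy separation of duties"
        if now - req.approved_at > APPROVAL_TTL:
            return "approval expired"
        return None

    def apply(self, req, now, accounts):
        """Apply the change to `accounts` only if every control passes."""
        reason = self._rejection_reason(req, now)
        if reason is not None:
            self.audit.append(("REJECTED", req.acct, reason))
            return False
        old = accounts[req.acct][req.field_name]
        accounts[req.acct][req.field_name] = req.new_value
        self.audit.append(("APPLIED", req.acct,
                           f"{req.field_name} {old} -> {req.new_value} "
                           f"requested by {req.requested_by}, approved by {req.approved_by}"))
        return True


def demo():
    """Run one legitimate change and three rejected ones; return the outcomes."""
    accounts = {"1001": {"limit": 500, "balance": 1200}}   # constructed account data
    gate = ChangeGate()
    t0 = datetime(2024, 3, 1, 10, 0)
    out = {}
    req = ChangeRequest("1001", "limit", 1000, "ops_jane", t0)
    out["without_approval"] = gate.apply(req, t0, accounts)
    try:
        gate.approve(req, "ops_jane", t0)
        out["self_approval_blocked"] = False
    except PermissionError:
        out["self_approval_blocked"] = True
    gate.approve(req, "sup_raj", t0 + timedelta(minutes=1))
    out["with_approval"] = gate.apply(req, t0 + timedelta(minutes=2), accounts)
    # a service account (the usual malware foothold) cannot request a change at all
    svc = ChangeRequest("1001", "balance", 999999, "svc_batch", t0)
    gate.approve(svc, "sup_raj", t0)
    out["service_account_request"] = gate.apply(svc, t0, accounts)
    # an approval older than APPROVAL_TTL no longer authorizes anything
    late = ChangeRequest("1001", "limit", 2000, "ops_jane", t0)
    gate.approve(late, "sup_raj", t0)
    out["stale_approval"] = gate.apply(late, t0 + timedelta(hours=1), accounts)
    out["final_accounts"] = accounts
    out["audit"] = gate.audit
    return out


if __name__ == "__main__":
    for entry in demo()["audit"]:
        print(entry)
```

The point of the gate is that the credentials a phishing victim or a planted service account hands over are not enough on their own: a balance or limit change needs a second, differently privileged identity, and the request is logged whether it is applied or refused, which feeds straight into the detection practices listed earlier.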