While ATMs serve as great inventions to make the day-to-day banking hassle-free, the security measures involved in making them safe from fraudsters and cyber criminals have to keep evolving to ensure public money remains safe, writes Priyanka Sharma of Elets News Network (ENN).
There are over 200,000 Automated Teller Machines (ATMs) installed across India and the number is set to increase many folds in next few years, with banks trying to keep their overheads under check.
These money vending machines give customers easy access to their money anytime, anywhere throughout the year.
However, as the number of ATMs is set to increase so will various threats. According to a Finance Ministry report, the number of thefts from ATMs is on the rise. In 2015-16, 922 cases of ATM thefts involving Rs 78.6 crore were reported, an increase from 698 cases involving Rs 51.7 crore the previous year. There were 596 cases worth Rs 34.34 crore in 2013-14.
Fraudsters seem to be devising new ways to steal cash from ATMs. As more and more stringent security features are being adopted to make ATM machines theft-proof, high-tech thieves always keep bankers and security providers on their toes — forcing them to keep adding extra layers of security to ensure the money remains safe in ATMs.
It remains No. 1 threat globally. Essentially, skimming refers to the stealing of the electronic card data and making counterfeit cards to make purchases or withdraw cash in the name of the actual account holder. Unsuspecting consumers experience a normal ATM transaction and are usually unable to notice a problem until their account is defrauded.
Trapping is stealing of the physical card itself through a device fixed to the ATM. In a pre-EMV or chip-and-signature environment, the PIN does not need to be compromised.
Transaction Reversal Fraud (TRF)
TRF involves the creation of an error that makes it appear as though the cash had not been dispensed. The account is re-credited but the criminal pockets the money. It could be a physical grab (similar to cash trapping) or a corruption of the transaction message.
Normally, relatively low value, the fraudster will use a device to physically trap the cash that is dispensed and come to collect once the customer has left the ATM location.
This category is related to any attempt to rob the ATM of the cash in the safe. Methods of physical attacks include using solid and gas explosives to break the machine, as well as removing the ATM from the site and then using other methods to gain access to the safe.
Logical attacks are becoming a major and growing attack vector, and one that has the potential to cause large amounts of losses. In this type of attack, external electronic devices or malicious software is used to commit the crime. The tools are used to allow the criminal to take physical control of the ATM dispenser to withdraw money, which is often called “cash-out” or “jackpotting,” as the machine starts spitting out bills like a casino gaming machine.
The other version of malware attack on ATMs involves criminals using software to intercept the card and PIN data as customers use the machine. They can then use this to clone cards and commit frauds at point of sale terminals, ATMs and in ‘card-not-present’ scenarios.
The systems that were installed few years back were primitive so far as surveillance is concerned. They were basically limited to CCTV surveillance cameras with direct video recording locally. The cameras used to be standalone and not networked. These were not connected to a central command centre for remote monitoring services.
But things seem to be improving on this front. Most ATMs have been converted into rear loaders. There are multiple alarms and multiple locations attached to machines. Some ATMs are equipped with sending Save our Souls (SoS) message to nearest police station as well. Apart from that there are sparking systems, think of it like a lighter spark, every couple of seconds that prevents filling them with gas to detonate. There are cameras, key and combination requirements, the combinations are changed every few weeks, says Bharat Berlia, Chief Information Officer, Indus Net Technologies.
Specialised Surveillance System
One of the effective ways of securing the ATM is specialised surveillance solution designed specifically for the banks ATMs. A CCTV system in the bank ATM acts like a deterrent to criminals and provides evidence in post incidence investigations.
One of the key features of this system allows superimposing the ATM card number on the recorded CCTV footage. This feature is called the Text Overlay Feature. The resulting images can be searched by only entering the card number. This on the larger scale aids banks to centrally search CCTV feeds from numerous remote ATMs, thus reducing the time taken to browse the entire CCTV footage and also gives better control to track fraudulent activities regarding misuse of ATM cards.
E Surveillance System
E-surveillance is a comprehensive security solution designed exclusively for ATMs and it integrates intruder alarm, fire alarm, CCTV surveillance coupled with two-way audio communication. This entire solution is offered to banks on Software as a Service (SaaS) model. There is zero investment and zero management for the bank. The bank needs to pay a nominal usage fee on a monthly basis.
Dos and Donts when conducting ATM transactions
Conduct your ATM transactions in complete privacy, never let anyone see you entering your Personal Identification Number (ATM Password)
After completion of transaction ensure that welcome screen is displayed on ATM screen
Ensure your current mobile number is registered with the bank so that you can get alerts for all your transactions
Beware of suspicious movements of people around the ATM or strangers trying to engage you in conversation
Do check if the card given to you by the merchant after completion of the transaction is your card
Look for extra devices attached to the ATMs that may be put to capture your data
Inform the bank if the ATM / Debit card is lost or stolen and immediately report if any unauthorised transaction
Check the transaction alert SMSs and bank statements regularly
Do not write your PIN on the card, memorise your PIN number
Do not take help from strangers or handover your card to anyone for using it
Do not disclose your PIN to anyone, including bank employees and family members
Do not allow the card to go out of your sight when you are making a payment
Avoid speaking on the mobile phone while you are transacting
E-surveillance operates on Internet Protocol (IP). It comprises various sensors to protect every asset in the ATM lobby such as ATM machine, cheque drop box, airconditioners, uninterruptible power supply, etc. It includes smoke and heat sensors as well. High resolution, varifocal, infrared cameras are installed, both inside and outside the lobby for surveillance. Besides these, two-way audio systems and hooter are provided to deter the criminal and alert the public in case of any crime or panic situation.
In the event of any alarm sounded from ATM, a video verification is conducted to confirm if it is a criminal activity and the two-way audio is triggered to deter the criminal. In the event the criminal persists, the local hooter is switched on remotely from the command center to alert the public and deter the criminal.Currently, Punjab National Bank, Kotak Mahindra Bank, HDFC Bank and Federal Bank are using this system in many states.
With implementation of e-surveillance, banks can save on huge costs currently incurred in deploying 24×7 guards at the ATMs. Compared to cost of man guarding, e-surveillance is highly economical and return of investment is highly appreciated by banks.