Since early 2018 a new cybercrime has hit U.S. targets and security experts are calling it “Jackpotting.”
What it Jackpotting?
According to Money.com, jackpotting “involves installing malicious software or hardware at ATMs that force the machines to release large quantities of cash on demand.”
In January 2018, the United States Secret Service put out a warning that “Criminals have been able to find vulnerabilities in financial institutions that operate ATM’s, primarily ATM’s that are stand-alone. The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive thru ATMs. Criminals range from individual suspects to large organized groups, from local criminals to international organized crime syndicates.”
When Did Jackpotting Come to North America?
According to Symantec, an American computer software company specializing in personal computer safety software, ATM jackpotting was first identified in Mexico in 2013. This malware was dubbed Backdoor.Ploutus.
Nevertheless, jackpotting has been an issue in Europe and Asia for a lot longer. As of July 2016, “About 4% of Taiwan’s national ATM network of 27,200 machines are affected [by jackpotting.]”
It has not been revealed how much money has been lost due to jackpotting in the U.S. However, a January 2018 article from Reuters found that, “A coordinated group of hackers likely tied to international criminal syndicates has pilfered more than $1 million by hijacking ATM machines across the United States and forcing them to spit out bills like slot machines dispensing a jackpot.”
The article also stated that, “Jackpotting has been rising worldwide in recent years, though it is unclear how much cash has been stolen because victims and police often do not disclose details.”
How to Protect Your ATMs from Jackpotting
As an Independent ATM Deployer (IAD), security needs to be on the forefront of your thought process. In order to lessen the risk of your ATMs being jackpotted, there are steps you can take to help ensure their security.
One of the first and easiest ways to ensure the safety of your ATMs is to make sure that the firmware and the operating system are up-to-date.
Many ATMs run on either Windows 7 or Windows 10. With Windows 7’s imminent end-of-life in January 2020, it’s vital for ATM operators to upgrade to a Windows 10 operating system.
It sounds like common sense, but if you’re new to the IAD business, you may not know. Be sure that your passcodes have been updated from the manufacturer’s default codes. Manufacturers often list their default passcodes on the manual for each model, and these manuals can readily be found online.
Unfortunately, updated software and firmware are not enough to keep ATMs secure. It’s important to also utilize monitoring to help keep ATMs safe. Video and other security sensors can deter would-be thieves and create a record of comings and goings at your ATMs. Alarm sensor can also alert IADs when an ATM has been accessed.
Most attacks require at least some degree of access to your ATM’s system. If you limit access to certain components of your ATM, such as the cash dispenser and the system’s software main board, you can help alleviate some of the risk. You can also install an access management system that allows technicians to access the setup by using a one-time code.
By understanding what jackpotting is and how to help prevent it, you can help ensure the safety of your ATM machines – and your money.