TD Financial Group spokeswoman Jacqueline Burns could not confirm if the ATMs were through-the-wall or lobby terminals, but she did say both were located at bank branches. The discovery highlights the critical role customer and employee education play in the fight against fraud. "We have been working really hard to educate our customers and employees," Burns says.
Mike Gervaif, an investigator with the Calgary Police Service's Economic Crime Unit, focusing on POS and ATM skimming crimes, says consumer education has been a focus for financial institutions and law enforcement. "Skimming is prolific across Canada. The TD Bank incident is not isolated," Gervaif says. "But our PR efforts and getting the word out to consumers is making a difference."
The Human Element
Canada's move to the Europay, MasterCard, Visa, or EMV standard , expected to be completed by 2015, should curb the escalation in skimming, Gervaif says. EMV, a standard already in use throughout most of Western Europe, calls for replacing magnetic stripes with radio-frequency chips on debit and credit cards.
U.S. banking institutions and merchants also are taking hits from increases in skimming. While the United States has announced no plans to move to EMV or chip-and-PIN technology, more investments are being made in security solutions and approaches.
Multilayered security methods are the most effective, says Wes Wilhelm, a senior analyst at Aite Group LLC, where he covers fraud management, payments and retail banking technology and operations. "I think most institutions are considering all ATM security concerns, but the key is how many layers and how well those layers work together."
The critical role the human component plays cannot be overlooked, he adds. As the TD Canada Bank example proves, consumer and employee education have to be part of ATM security best practices. "Service technicians and third parties who come out the ATM to replenish cash should be inspecting the reader for skimming devices," he says. "Employees also should conduct random checks."
Top 5 ATM Security Tips
Wilhelm's tips for improving ATM security include:
1. Scheduled and random physical checks of ATMs by branch staff and technicians;
2. A detection system that senses and sends an alert -- and/or takes the ATM offline -- when anything is attached to the card reader, keypad or fascia;
3. Jitter technology, which uses a start-stop motion when a card is inserted;
4. The use of software/behavioral analytics that recognize anomalous or out-of-character behavior for the cardholder or a terminal . "I call it 'collision' analytics -- when two things occur at once that don't make sense," Wilhelm says, such as a card being used at an ATM that the cardholder never or rarely visits, or withdrawal amounts and transaction times that are not consistent with the cardholder's patterns;
5. Reliance on a jamming mechanism, which detects, via an electromagnetic field, when a skimmer is placed on an ATM and "jams" or disables the skimmer.
Wilhelm also recommends greater protection of ATM vestibules. As the security on ATMs increases, so too should the security for access readers on ATM vestibules. "They can skim card data from the access reader and then get the PIN with a camera at the ATM," he says. Banks and credit unions should also regularly check vestibule log files, to track who's accessing the ATM and when.
Skimming: Yesterday's News?
Nicholas Percoco, the senior vice president and head of SpiderLabs for Chicago-based Trustwave, an information security company, says skimming is no longer an ATM's greatest security threat -- rather, physical injection of malware is. SpiderLabs focuses on forensics, ethical hacking and security testing on ATM and other financial systems.
While Percoco says banks and credit unions cannot turn security efforts away from skimming, they should not ignore the ever-growing threat of malicious software invasions. "Criminals physically attack the ATM software and then obtain the data," he says. Basically, fraudsters physically approach the ATM and infect it with malware saved to a USB thumb drive. A similar vulnerability, most prevalent in the retail/off-premises market, was highlighted at the Black Hat security conference last month.
0 comments: on "10 Tips to Improve ATM Security"
Post a Comment