Volunteer Corporate Credit Union
Nashville, Tennessee - Photo Courtesy of Barry Shulam
   Home ι Sitemap ι Contact
Music City, U.S.A.
March/April 2018 Issue: Front Page > Industry Info

Industry Info
Jackpot! You Lose!
ATM machine with money flying out of it Have you ever been in a casino and heard someone scream, "JACKPOT!!!!" It can be an exciting time for both the winning person and those around them. But there's a new kind of jackpotting initiated by cyber criminals and it's costing credit unions money.

ATM "jackpotting" - a new scheme initiated by robbers who can control ATMs remotely to churn out cash on command - has been a threat for banks in Europe and Asia for some time now, but these attacks have not been a concern in the U.S. Until now.

In January, the Secret Service began cautioning financial institutions that jackpotting attacks have targeted cash machines here in the United States. The warning said that once deployed, the machines can be made to dispense money at a rate of 40 notes every 23 seconds until the ATM is empty.

A report from security journalist Brian Krebs outlined the Secret Service alert going into more detail about how jackpotting works. To execute a jackpotting attack, thieves first must gain physical access to the ATM. The crooks, dressed as ATM technicians, attach a laptop computer with a mirror image of the ATM's operating system along with a mobile device to the targeted ATM. The targeted ATMs are typically located in pharmacies, big box retailers, and drive-thru ATMs. From there they can use specialized electronics or malware — sometimes a combination of both — to control the operations of the cash machine.

According to Thuy Ong from theverge.com, two men were arrested for ATM jackpotting on January 27th in Cromwell, CT. The police found Alex Alberto Fajin-Diaz and Argenys Rodriguez near a compromised ATM that was dispensing $20 bills. The officers then searched the men's vehicle and found "tools and electronic devices consistent with items needed to compromise an ATM" along with more than $9,000 in $20 bills. In a report by Ars Technica, it was later found that the ATM dispensed as much as $50,000.

So how do credit unions prevent ATM jackpotting? Terry Pierce, senior product manager, Rancho Cucamonga, Calif.-based CO-OP Financial Services, said there are measures than can be put into place to protect financial institutions and their ATMs. "Some of the best practices available to credit unions are adding whitelisting and blacklisting solutions that prevent fraudsters from high-jacking the ATM, deploying anti-virus and patches, adding firewalls and implementing TLS 1.2 (Transportation Layer Security) encryption," she maintained. "Credit unions should also have procedures that only authorized personnel have access to the ATMs and have an established, strong password policy to protect access at the ATM. I would additionally recommend that the credit unions reach out to their ATM vendor for solutions to protect their ATMs from this type of attack."

 Back to Front Page...

Your savings federally insured to at least $250,000
and backed by the full faith and credit of the United
States Government. National Credit Union Administration,
a U.S. Government Agency.

America's Credit Unions