· 2 min read

2020, Less ATM Crime

John Winchcombe
John Winchcombe · Editor
2020, Less ATM Crime

The European Association for Secure Transactions (EAST) has issued its 2020 report on ATM crime. EAST collects data from 21 Western European countries operating about 335,000 ATMs, 223,000 unattended payment terminals and 14.5 million point-of-sale (POS) terminals.

While economies were locked down, criminals remained active, at least to some extent. A number of types of crime saw dramatic reductions. Card skimming fell to a record low level of 656 incidents, down 56%, transaction reversal fraud dropped 97%, ram raids and ATM burglaries fell by a third, even explosive attacks were 6% lower, although annual losses rose from €10.49 to €14.59 million, up 39%. On the other hand, malware and logical attacks rose 14%.

Overall, the number of terminal-related fraud attacks fell 64%, although the value of losses only fell 14% to €218 million. The roll out of EMV smart payment cards has significantly reduced ATM skimming attacks (copying cards and recording PIN numbers). The more low-tech approach of card and cash trapping has not entirely gone away but is at a very low level, just 250 cases compared with 9,054 in 2019.

Malware and logical attacks, carried out by connecting unauthorised devices that send commands to the ATM to issue money, increased by 44%, although the level of losses is low, €1.24 million in 2020, up from €1.09 million.

Finally, the number of physical attacks fell by 19% to 3,722 although losses were up 1% at €22.4 million. Nearly half of those losses were due to explosive attacks.

‘Man-in-the-middle’

The Policy Times in India carried a report about ATM crime in India, which saw an 82% increase between 2018 and 2020.

The report considers a growing approach where the criminal accesses the ATMs network cable to insert a device that submits a withdrawal request using a restricted card. When the ‘ATM Switch’ sends a ‘declined’ message, the response is altered by the device to allow cash to be withdrawn. These attacks are sometimes referred to as ‘man-in-the-middle’ attacks.

The government wants banks to use end-to-end encryption between the ATM and the network, as well as protecting network cables and input/ output ports better.

Subscriber content

Read the full article

Full access to Cash & Payment News articles, newsletters and archives.

Sign Up to Cash & Payment News Weekly

Receive regular updates on the latest news and articles posted on our website.