A Thing
The Green SheetGreen Sheet
Subscribe
Sign in

The Green Sheet Online Edition

September 24, 2018 • Issue 18:09:02

Readers Speak: Prevent ATM jackpotting

We wish to thank Paul Albright, executive vice president of Outsource ATM, for sending in the following advice:

ATM jackpotting has moved from Mexico to the United States. This phenomenon utilizes malware known as Ploutus-D, which compromises components of ATM software to gain control of hardware devices such as dispensers, card readers and PIN pads – allowing thieves to dispense all the cash within the machine in a few moments. This new threat has the potential to cause tremendous losses.

While Ploutus-D is used to primarily target Opteva front load and older Persona machines, its base components could also target ATMs from other manufacturers. Fortunately, you can take measures to help protect your own and your merchants' ATMs.

  • Update software and patches: Firewalls and anti-malware protection may be the best defense against an ATM jackpotting attack.
  • Whitelist: Whitelisting, or locking down systems to prevent uploading unauthorized programs and/or USB devices, helps prevent malware entry into ATM computers by automatically blocking anything unfamiliar. Also disable boot and auto-run features.
  • Passcode update: Evaluate machines to ensure passcodes have been updated from manufacturer defaults.
  • Custom keys: An online search for "universal ATM keys" revales a plethora of options for quick purchase. These keys are designed to open nearly any ATM enclosure … and computer. Even if the vault remains secure with a non-standard password, the inner hardware is open for manipulation.
  • Physical security and monitoring: Indoor placement, security cameras and technology to identify tampering and shut down the machine are effective, yet often forgotten, ways to deter criminal activity.

Vigilance is essential. Do a thorough network evaluation and implement as many of the measures I've listed as possible. A multi-layered approach is key. Monitor networks for suspicious activities like unscheduled ATM disconnections or reboots. And if you work with third parties to manage ATM networks, discuss preventive measures for ATM jackpotting with them.

Help your peers

Do you have advice to offer your colleagues in the payments biz? Send your tips to greensheet@greensheet.com. We'll consider previously published blog posts for this page, too. end of article

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Prev Next
Facebook
Twitter
LinkedIn

Current Issue

View Archives
View Flipbook

Table of Contents

Lead Story
Cryptocurrency appeal growing among merchants, processors
Patti Murphy
News
Industry Update
News Briefs
Views
Terminal wars revisited
Dale S. Laszig , DSL Direct LLC
Margins matter in winemaking and acquiring
Brandes Elitch , CrossCheck Inc.
Education
Street SmartsSM:
How effective is third-party telemarketing?
Steve Norell , US Merchant Services Inc.
California goes European with the California Consumer Privacy Act
Adam Atlas , Attorney at Law
Why you must grasp the new rules of small business marketing
Barry Davis , Womply
Company Profile
MainStream Merchant Services Inc.
New Products
Instant merchant settlement for ISOs, agents, resellers
Instant Merchant Settlement , paycosmos Solution platform provider: linked2pay
Inspiration
Journaling for the MLS
Departments
Letter from the editors
Readers Speak: Prevent ATM jackpotting
Resource Guide
Datebook
A Thing