ATM Scams are on the Rise

ATM fraud security nowadays entails more than simply shutting the keypad while inputting a PIN. Many criminals hack into and break into ATMs in order to steal consumers’ credit card and account information. Criminals utilize the cards to rapidly remove funds from the account after getting the PIN number.

Major ATM Scams:

Cash shimming:

  • The distinguishing characteristic of a card shimming device, which is often performed by inserting the foreign device between the customer’s card and the contacts of the card reader, is the data stored on the chip on the customer’s card
  • A fraudster’s use of a card shimming device allows for a variety of attacks, including obtaining magnetic strip equivalent data, relaying, and other man-in-the-middle attacks

Card skimmer:

  • Skimming is the theft of electronic card data, which allows the thief to clone the card
  • Consumers go through a typical ATM transaction and are frequently unaware of an issue until their account is robbed
  • At the ATM, the card data and PIN are recorded and utilized to create clone cards for further cash transactions
  • It is the most serious threat in the world, but owing to the implementation of anti-skimming solutions, EMV technology, and contactless ATM capabilities, it is no longer the most serious threat

Logical Assaults: (ATM malware/ cash-out attack/ jackpotting)

  • A cybercriminal can use an ATM to execute unauthorized software (Malware) or approved software in an unlawful manner
  • The virus is controlled onsite through the ATM’s PIN Pad or remotely over the network
  • They either deploy the ATM software stack on-site or remotely over the network
  • Malware may incorporate anti-detection, reverse engineering, and unauthorized usage characteristics
  • On-site installation can be accomplished by gaining access to unsecured communication ports such as USB or booting an unauthorized operating system
  • It may also have a secure deleting function. Depending on the type of virus, the cardholder may witness a regular transaction (SW-Skimming and MitM), or the ATM may be out of service or destroyed


  • The ATM PC’s contact with the acquirer host system is targeted in order to misrepresent host answers and distribute cash without debiting the criminal’s account

Keypad jamming:

  • The fraudster glues or inserts a pin or blade at the buttons’ edges to jam the ‘Enter’ and ‘Cancel’ buttons
  • A consumer who fails to hit the ‘Enter/OK’ button after inputting the PIN believes the machine is broken
  • Attempts to ‘Cancel’ the transaction also fails
  • In many situations, the client departs and is soon replaced by the fraudster at the machine. A transaction is active for around 30 seconds (20 seconds in certain circumstances), and he can proceed with the withdrawal by removing the glue or pin from the ‘Enter’ button
  • The cardholder’s loss is restricted, however, by the withdrawal limit and the fact that only one transaction is permitted without swiping the card again and entering the PIN


  • Controls the dispensing mechanism in order to “Cash Out” the ATM

Physical Attacks:

  • This category includes any effort to rob an ATM of cash in the safe. Physical assaults, as well as the removal of the ATM and subsequent use of various techniques to obtain entry to the safe
  • Personal attacks on users to obtain money are extremely widespread these days


  • A cyber thief installs a foreign gadget on an ATM in order to steal information from a customer’s card
  • This is often accomplished through the use of a wiretap, sniffing the card reader’s capabilities, or connecting to a magnetic read head within the card reader
  • The exploitation of the legitimate card reading capabilities of the card reader to record the customer’s card data is the distinguishing feature of an eavesdropping device

Card Trapping:

  • Trapping is the theft of the actual card itself via an ATM-attached device
  • At the ATM, the card is physically captured, and the PIN is compromised

Preventing ATM Scams:

  • Keep your credit card in a safe place
  • The card shouldn’t have the PIN number put on it
  • Your card must not be used by anybody else
  • Never reveal your PIN number to anybody else
  • Don’t let strangers help you at an ATM. Wait until you can ask a bank employee for assistance
  • If someone is standing too close to you at the ATM, request that they move
  • If something suspect appears at the ATM you want to use, find another one
  • Inform the bank right away if the ATM consumes your card
  • All banks provide a tollfree phone number at the ATM for this purpose; make a note of this number in case you require it
  • Cards that are lost or stolen must be reported right away
  • Keep your account, PIN, and the bank’s HELP-line phone numbers in a secure location

Read More Related Articles:

Managed SOC Services for Enhanced Security

The Role of VAPT in Modern Cybersecurity Strategy