ATM Security

Issue

ATMs remain a prime target for criminals. Whether the criminals attempt to breach the machine through physical means or through malware infections, banks must remain knowledgeable about the evolving threats in their region to protect their customers, employees and ATMs.

Types of Physical and Logical Attacks


  • ATM Cash Trapping.  A contraption inserted into the cash-dispensing slot that blocks an ATM’s shutter so that bills cannot be presented to the customer. The criminal retrieves the cash once the customer leaves.

  • ATM Jackpotting. Criminal actors gain physical access to the ATM and download Ploutus-D malware directly onto the machine’s hard drive or attach an already affected hard drive onto the machine to control the ATM cash dispense function, thereby allowing the criminals to take out cash.

  • ATM Shimming. A slim device containing a microprocessor and flash memory inserted into an ATM’s card reader to intercept or manipulate data passing between a payment card’s EMV/micro-chip and the ATM’s chip interface. 

  • ATM Skimming.  Criminal actors attach a scanning device onto the ATM card reader slot to record account details from a payment card’s magnetic strip. Once the information is captured, criminals use the details to create a cloned card.  

  • ATM Explosive Attacks. Criminal actors use physical or brute force, including solid explosives or gas against an ATM to access the cash.

ABA Resources

Industry Resources and Alerts

​Questions? Please contact Heather Wyson-Constantine for additional information.