Open-source bank ATMs


Security, as it relates to ATMs, has several dimensions. ATMs also provide a practical demonstration of a number of security systems and concepts operating together and how various security concerns are dealt with.


Early ATM security focused on making the ATMs invulnerable to physical attack; they were effectively safes with dispenser mechanisms. A number of attacks on ATMs resulted, with thieves attempting to steal entire ATMs by ram-raiding.[44] Since late 1990s, criminal groups operating in Japan improved ram-raiding by stealing and using a truck loaded with a heavy construction machinery to effectively demolish or uproot an entire ATM and any housing to steal its cash.[45]

Another attack method, plofkraak, is to seal all openings of the ATM with silicone and fill the vault with a combustible gas or to place an explosive inside, attached, or near the ATM. This gas or explosive is ignited and the vault is opened or distorted by the force of the resulting explosion and the criminals can break in.[46] This type of theft has occurred in the Netherlands, Belgium, France, Denmark, Germany and Australia.[47][48] This type of attacks can be prevented by a number of gas explosion prevention devices also known as gas suppression system. These systems use explosive gas detection sensor to detect explosive gas and to neutralise it by releasing a special explosion suppression chemical which changes the composition of the explosive gas and renders it ineffective.

Several attacks in the UK (at least one of which was successful) have emulated the traditional WW2 escape from POW camps by digging a concealed tunnel under the ATM and cutting through the reinforced base to remove the money.[49]

Modern ATM physical security, per other modern money-handling security, concentrates on denying the use of the money inside the machine to a thief, by using different types of Intelligent Banknote Neutralisation Systems.

A common method is to simply rob the staff filling the machine with money. To avoid this, the schedule for filling them is kept secret, varying and random. The money is often kept in cassettes, which will dye the money if incorrectly opened.

Transactional secrecy and integrity

The security of ATM transactions relies mostly on the integrity of the secure cryptoprocessor: the ATM often uses general commodity components that sometimes are not considered to be "trusted systems".

Encryption of personal information, required by law in many jurisdictions, is used to prevent fraud. Sensitive data in ATM transactions are usually encrypted with DES, but transaction processors now usually require the use of Triple DES.[50] Remote Key Loading techniques may be used to ensure the secrecy of the initialisation of the encryption keys in the ATM. Message Authentication Code (MAC) or Partial MAC may also be used to ensure messages have not been tampered with while in transit between the ATM and the financial network. In some countries a system has been developed that if the ATM card holder is told to withdraw the cash forcefully by the thief then if he entered his card password starting from the last digit to the first digit then the alarm will sound in the nearest police station

Customer identity integrity

There have also been a number of incidents of fraud by Man-in-the-middle attacks, where criminals have attached fake keypads or card readers to existing machines. These have then been used to record customers' PINs and bank card information in order to gain unauthorised access to their accounts. Various ATM manufacturers have put in place countermeasures to protect the equipment they manufacture from these threats.

Alternative methods to verify cardholder identities have been tested and deployed in some countries, such as finger and palm vein patterns,[53] iris, and facial recognition technologies. Cheaper mass-produced equipment has been developed and is being installed in machines globally that detect the presence of foreign objects on the front of ATMs, current tests have shown 99% detection success for all types of skimming devices.

Device operation integrity

Openings on the customer-side of ATMs are often covered by mechanical shutters to prevent tampering with the mechanisms when they are not in use. Alarm sensors are placed inside the ATM and in ATM servicing areas to alert their operators when doors have been opened by unauthorised personnel.

Rules are usually set by the government or ATM operating body that dictate what happens when integrity systems fail. Depending on the jurisdiction, a bank may or may not be liable when an attempt is made to dispense a customer's money from an ATM and the money either gets outside of the ATM's vault, or was exposed in a non-secure fashion, or they are unable to determine the state of the money after a failed transaction. Customers often commented that it is difficult to recover money lost in this way, but this is often complicated by the policies regarding suspicious activities typical of the criminal element.

Customer security

In some countries, multiple security cameras and security guards are a common feature. In the United States, The New York State Comptroller's Office has advised the New York State Department of Banking to have more thorough safety inspections of ATMs in high crime areas.

Consultants of ATM operators assert that the issue of customer security should have more focus by the banking industry; it has been suggested that efforts are now more concentrated on the preventive measure of deterrent legislation than on the problem of ongoing forced withdrawals.

At least as far back as July 30, 1986, consultants of the industry have advised for the adoption of an emergency PIN system for ATMs, where the user is able to send a silent alarm in response to a threat. Legislative efforts to require an emergency PIN system have appeared in Illinois, Kansas and Georgia, but none have succeeded yet. In January 2009, Senate Bill 1355 was proposed in the Illinois Senate that revisits the issue of the reverse emergency PIN system. The bill is again supported by the police and denied by the banking lobby.

In 1998 three towns outside the Cleveland, Ohio, in response to an ATM crime wave, adopted ATM Consumer Security Legislation requiring that an emergency telephone number switch be installed at all outside ATMs within their jurisdiction. In the wake of an ATM Murder in Sharon Hill, Pennsylvania, The City Council of Sharon Hill passed an ATM Consumer Security Bill as well. As of July 2009, ATM Consumer Security Legislation is currently pending in New York, New Jersey, and Washington D.C.

In China and elsewhere, many efforts to promote security have been made. On-premises ATMs are often located inside the bank's lobby which may be accessible 24 hours a day. These lobbies have extensive security camera coverage, a courtesy telephone for consulting with the bank staff, and a security guard on the premises. Bank lobbies that are not guarded 24 hours a day may also have secure doors that can only be opened from outside by swiping the bank card against a wall-mounted scanner, allowing the bank to identify which card enters the building. Most ATMs will also display on-screen safety warnings and may also be fitted with convex mirrors above the display allowing the user to see what is happening behind them.

As of 2013, the only claim available about the extent of ATM connected homicides is that they range from 500 to 1000 nationwide, covering only cases where the victim had an ATM card and the card was used by the killer after the known time of death.

RISKS Digest has many articles about cash machine operating system vulnerabilities

With the move of ATMs to industry-standard computing environments, concern has risen about the integrity of the ATM's software stack.