London police have arrested a suspect on charges that he participated in a series of ATM malware attacks that netted Â£1.6 million ($2.6 million) from 51 cash machines over a three-day holiday weekend in May.
Researchers demonstrate how ATMs could be hacked - without installing malware - by connecting a tiny computer to an inside port, bypassing the ATM's own computer and instructing the cash dispenser to begin issuing money.
Criminals have infected at least 50 ATMs in Eastern Europe, including Russia, with malware, dispensing millions of dollars in cash directly to money mules. Interpol warns such attacks could spread worldwide.
Although malware attacks against POS terminals at retailers have been in the spotlight, banks and credit unions need to be aware of the emerging threat of malware targeting ATMs, say Trustwave's Matthew Jakubowski and Graham Mott of the U.K.'s ATM network.
ATM-related fraud is quickly evolving, says Graham Mott, head of the U.K.'s LINK Scheme and a presenter at the Sept. 23 London Fraud Summit. New malware attacks waged against ATMs prove why information sharing among banking peers is critical.
ATM manufacturers Diebold and Wincor Nixdorf are laying the groundwork for a new industry group focused on thwarting ATM crime. While experts say the time is right for a group like this, it will need industrywide buy-in to be successful.
Criminals have begun targeting ATMs in Western Europe using malware, as well as a new generation of stealthier skimmers designed to capture card data and PIN codes. But the stolen data is often used for fraud elsewhere, especially the U.S.
Bulgarian and French law enforcement authorities made 11 arrests in an effort to take down a Bulgarian organized crime network suspected of conducting an electronic payment fraud and currency counterfeiting operation.