European banks losing millions to ATM criminals


European banks lost €211 million ($232 million) to criminal groups last year, and the vast majority of losses came from skimming devices installed in ATMs across the continent, a report says.

The European Association of Secure Transactions (EAST), an industry group of banks and ATM vendors, also says losses caused by malware installed on ATMs were only €140,000 ($154,000).

This is the lowest figure since EAST started tracking such statistics. The association says these “ATM malware and logical attacks” were down 40% (from 52 to 31), and all but one were so-called black box attacks.

A black box attack is the connection of an unauthorised device to the cash machine. The device then sends dispense commands directly to the ATM cash dispenser in order to drain money out of the machine.

Most such attacks have been unsuccessful lately, EAST stresses, and numbers prove it – total losses related to such incidents have only reached around €136,000 ($150,000).

atm-malware
Attacks on European ATMs keep causing losses to banks. Courtesy of EAST.

Card skimming is quite obviously a much more concerning issue. According to EAST, €167 million ($184 million) was lost due to such stealth attacks.

Anyone can be affected by card skimming theft. Usually, a skimmer – a tiny device – is installed on card readers to collect card numbers. Thieves will later recover the numbers and use the information to make fraudulent purchases.

Sometimes a small camera is additionally planted to record cardholders entering a PIN number into an ATM. PIN numbers can also be stolen via fake keypads placed over the real ATM one.

This is why people using ATMs are always advised to look out for skimmer devices and do quick visual or physical inspections of a cash machine before swiping or inserting a card.

A closer look at the card reader is especially recommended. If it was tampered with, the reader usually looks different. The US Federal Trade Commission has a photo of a skimmer installed on a card reader.

skimmer-device
A skimmer on a card reader. Courtesy of the FTC.

EAST is also concerned with ATM-related physical attacks, especially with an increase in explosive attacks. The number of explosive incidents and ram raids is up 16% and 8% respectively.

“This rise in ATM explosive attacks is of great concern to the industry, in particular solid explosive attacks that account for over 60% of the blasts. While extensive measures have already been taken to mitigate the risk of such attacks, each attack creates significant collateral damage to equipment and buildings and can pose a threat to life,” EAST executive director Lachlan Gunn said.

“The removal of travel restrictions post-lockdown has led to a significant increase in criminal mobility and many of the organised criminal groups operate cross-border.”