London police have arrested a suspect on charges that he participated in a series of ATM malware attacks that netted Â£1.6 million ($2.6 million) from 51 cash machines over a three-day holiday weekend in May.
Researchers demonstrate how ATMs could be hacked - without installing malware - by connecting a tiny computer to an inside port, bypassing the ATM's own computer and instructing the cash dispenser to begin issuing money.
Criminals have infected at least 50 ATMs in Eastern Europe, including Russia, with malware, dispensing millions of dollars in cash directly to money mules. Interpol warns such attacks could spread worldwide.
Although malware attacks against POS terminals at retailers have been in the spotlight, banks and credit unions need to be aware of the emerging threat of malware targeting ATMs, say Trustwave's Matthew Jakubowski and Graham Mott of the U.K.'s ATM network.
ATM-related fraud is quickly evolving, says Graham Mott, head of the U.K.'s LINK Scheme and a presenter at the Sept. 23 London Fraud Summit. New malware attacks waged against ATMs prove why information sharing among banking peers is critical.
ATM manufacturers Diebold and Wincor Nixdorf are laying the groundwork for a new industry group focused on thwarting ATM crime. While experts say the time is right for a group like this, it will need industrywide buy-in to be successful.
Criminals have begun targeting ATMs in Western Europe using malware, as well as a new generation of stealthier skimmers designed to capture card data and PIN codes. But the stolen data is often used for fraud elsewhere, especially the U.S.
Bulgarian and French law enforcement authorities made 11 arrests in an effort to take down a Bulgarian organized crime network suspected of conducting an electronic payment fraud and currency counterfeiting operation.
An analyst says two guilty pleas by defendants who played leading roles in an international account takeover and ATM cash-out scheme worth more than $15 million were not surprising because of the strong evidence in the case.
The FFIEC has issued notices spelling out its expectations for the steps that financial institutions should take to mitigate risks posed by ATM cash-out schemes and the continued DDoS attacks on public-facing websites.
Seventeen individuals are facing charges for their alleged roles in an international ATM skimming and money laundering scheme. The indictments of multiple individuals for a low fraud amount is encouraging, experts say.
A grand jury's indictment this week of the alleged leader of a $5 million ATM skimming scheme illustrates how collaboration among international authorities is working to more swiftly bring global cybercrime leaders to justice.