What is ATM Jackpotting?
ATM jackpotting is when a criminal breaks into an ATM via malware and empties the cash without physically breaking into the vault. Jackpotting causes no physical damage. Unlike physical attacks – ATM jackpotting attacks normally occur during business hours- in plain sight! ATM Jackpotting penalties are much more harsh than physical attacks. Jackpotting is considered bank fraud and criminal charges may result in a maximum term of imprisonment of up to 30 years!
How is jackpotting done?
Typically, the perpetrator gains access to the top hat of the ATM where the printer, power supply and main control board are. They then install a device, install malware via a USB or hook up a laptop – which then overrides the main control board on the ATM. They then take control of the ATM and command it to dispense a series of notes, or all notes – without ever attempting to break into the unit physically. These criminals typically pose as ATM service technicians and target ATMs that are not readily visible to store employees. In some instances, jackpotting attacks can take mere minutes.
How can I prevent jackpotting?
- Keep your ATMs up to date with software. Some manufacturers have automatic update features which should be enabled if possible.
- Enable SSL encryption with certification if possible.
- Enable CDU binding if possible. If not possible we recommend buying a new ATM machine. Hyosung 1800CE & 5000CE models do not support binding! They also will not support the PCI EPP Upgrade and should be replaced. You can always buy new ATM machines online at bpsands.com.
- Educate location employees to not allow unauthorized access!
- Place the ATM in a direct line of sight of employees. Do not hide ATMs in vestibules, back corners of stores, etc. Place ATMs up in front in well lit visible locations.
- Consider hardening by re-keying the top hats of the ATM to a unique key.
How do you know if Jackpotting has occurred?
The chances of your ATM being jackpotted are very minimal. Since the first jackpotting attempt was documented in the US in 2018, jackpotting attacks continue to be more common. Determining if your ATM has been jackpotted is normally not just as simple as finding the ATM broken into. If jackpotted, typically the ATM will display an unknown error code. These error codes are usually a random display of letters and numbers – with no corresponding description/ resolution.
Our Thoughts
Like physical attacks, jackpotting is a risk in this industry that needs to be mitigated intelligently. Keeping up to date with new ATM terminals, keeping your software updated and enabling CDU binding are great first steps to take. In our opinion though, we feel that educating employees to not allow authorized access and placing your ATM in a highly visible locations are really the best deterrent. Stop criminals before they target you!