How to Prevent ATM and POS Hacking
Although the United States has started the transition to EMV (debit cards and credit cards enabled with chip technology), there are still an alarming number of security compromises involving both automated teller machines (ATMs) and point-of-sale (POS) devices. As of 2016, the number of these attacks had increased by 70 percent compared to 2015 alone, and they only continue to get more sophisticated as technology evolves. More and more, this new generation of fraud puts today’s financial institutions at considerable risk. Securing ATMs and other payment channels is no longer a choice but a necessity to avoid serious financial and reputational damage.
While criminals are staying up-to-date with the latest tactics, we too must stay informed about new methods for compromising data as well as what we can do as consumers and business owners to prevent them.
POS terminals are electronic devices that are used to process payments in retail locations, such as at the grocery store or mall. The POS device is connected to some sort of network in order to validate the credit card transaction, which in turn gives hackers access to potentially thousands of connected customers. Whether it be through a network breach or compromised devices, criminals are able to exploit the POS memory directly and steal sensitive data, including debit and credit card numbers.
In April 2017, Chipotle experienced its own devastating data breach; investigators traced the cause back to a hacked POS device. Criminals installed malware on devices in order to gain access to Chipotle customers’ credit card information. The malware read data from the magnetic stripe on the credit card to capture card numbers, expiration dates, and verification codes. Although the breach was caught and the malware eventually removed from its systems, Chipotle still suffered severe damage in terms of lost business, brand, and company valuation.
Another company that experienced a massive data breach is Hyatt Corporation, multinational owner and operator of the popular Hyatt hotels. The organization announced that the breach affected 41 properties in 11 different countries, with customer credit card information being the prime target. Criminals again inserted malicious code onto the POS devices at the front desks, recording information from cards manually entered or swiped. While the investigation continues, damages from the incident are only beginning to surface.
Another method criminals are using to steal sensitive information is ATM skimming, in which a device installed directly on the ATM captures credit card information and Personal Identification Numbers (PINs). Once this data is recorded, the hackers use SIM cards or even Bluetooth to download your personal information and gain access to your bank accounts.
If the thought of someone stealing your money and identity isn’t unsettling enough, what’s even more upsetting is the fact that a majority of these ATM skimmer devices are so sophisticated that most people would not be able to tell they were even there. And most people in fact do not.
A recent report from FICO revealed that although cards with chips make it more difficult for criminals, the criminals are simply turning in the meantime to machines that have not yet switched to chip readers, such as ATMs and gas stations. The good news is that there are many things that businesses and you as a consumer can do to remain safe.
Although it may seem old-fashioned, one simple way to prevent ATM compromises is to cover your PIN when entering it. Criminals often use installed cameras to capture your digits, but covering the keypad completely can certainly help prevent fraud.
Another way to prevent data theft is to check your credit card and debit card transactions regularly for fraudulent charges and contact your bank right away should you notice anything suspicious. If it is reported within a few days, most banks can reimburse you for unauthorized activity and they are more likely to be able to prevent further charges from occurring.
For Business Owners
As for business owners, it is vital that you are not only aware of the multitude of security threats that can harm your company but also that you put strict measures in place to prevent them from happening altogether. Now more than ever strong security protocols need to be followed in order to protect both company and customer data, including:
- 24/7 log monitoring
- Intrusion detection
- Incident response management
- Implementing compliance frameworks like PCI
All of these components come together to create a security posture that goes wide and deep, protecting confidential data and preventing cyber breaches.
Data Security and Fraud Protection
To keep your customers’ sensitive information confidential and protected, whether it be through ATMs or POS devices, Hitachi Systems Security has developed ATM Monitoring, a specific cybersecurity monitoring service that uses dedicated monitoring agents to monitor ATMs on a 24/7 basis. This round-the-clock monitoring of ATM activity helps banks identify potential security alerts in their ATM environment, so that they can secure their ATMs and prevent ATM fraud such as card skimming, keypad jamming, card trapping, pharming, etc.
ATM Monitoring is based on 4 distinct phases:
- Scenario Development
- Security Log Centralization
- Security Log Correlation
- Systematic and Continuous Monitoring
Scenario Development
The first phase focuses on a collection of relevant events (scenarios) to describe a suspicious event. A risk score approach assigns a score to users or devices. During the risk assessment, each client’s exposure risk is identified and analyzed. A scenario is then chosen based on experience and on what is appropriate for the client’s needs. As a result, a security response is prioritized based on the threat, and suspicious behavior can be detected more easily.
Security Log Centralization
In the second phase, logs are centralized and aggregated. All security logs from the various ATM and POS sources are collected into a secure and dedicated environment. The information is then aggregated into a “data lake” where it is monitored and analyzed. Finally, a Corporate Protected Zone (CPZ) must protect the security logs from all other bank environments. This zone must follow strict access control requirements and can be accessed by previously identified security staff only.
Security Log Correlation
Based on scenario scores, logs must be correlated to trigger scenarios, identify security incidents and raise security alerts. Other security logs and external sources can also be used to make additional correlations. The bank’s security interface (SIEM) allows you to follow up on security incidents and alerts, as well as escalate them to the appropriate professionals for mitigation.
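The scenario and correlation phases described above can be illustrated with a small correlation routine. This is an added example, not code from Hitachi Systems Security or its ATM Monitoring service; the event names, scenario definitions, scores, time window and alert threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical scenarios: a set of event types that, seen together on one device
# within WINDOW, describes a suspicious situation, plus an assumed risk score.
SCENARIOS = {
    "possible_skimmer": ({"fascia_sensor_tamper", "card_read_error"}, 60),
    "possible_card_trap": ({"card_retained", "card_read_error"}, 40),
}
WINDOW = timedelta(minutes=30)
ALERT_THRESHOLD = 50  # assumed cut-off for raising an alert

# Constructed sample of centralized log lines: "timestamp device event".
SAMPLE_LOGS = """\
2024-01-05T09:00:00 ATM-017 card_read_error
2024-01-05T09:10:00 ATM-017 fascia_sensor_tamper
2024-01-05T09:12:00 ATM-022 card_read_error
2024-01-05T11:30:00 ATM-022 card_retained
2024-01-05T09:20:00 ATM-017 card_retained
"""

def parse(text):
    """Parse log lines into (timestamp, device, event) tuples, ordered by time."""
    events = []
    for line in text.strip().splitlines():
        ts, device, event = line.split()
        events.append((datetime.fromisoformat(ts), device, event))
    return sorted(events)

def correlate(events):
    """Return {device: (risk_score, [triggered scenario names])}."""
    by_device = defaultdict(list)
    for ts, device, event in events:
        by_device[device].append((ts, event))
    results = {}
    for device, evs in by_device.items():
        triggered = set()
        for i, (start, _) in enumerate(evs):
            # Event types seen on this device within WINDOW of this event.
            seen = {e for ts, e in evs[i:] if ts - start <= WINDOW}
            triggered |= {n for n, (needed, _) in SCENARIOS.items() if needed <= seen}
        score = sum(SCENARIOS[n][1] for n in triggered)
        results[device] = (score, sorted(triggered))
    return results

def alerts(results):
    """Devices at or above the threshold, highest risk first."""
    hits = [(s, d, n) for d, (s, n) in results.items() if s >= ALERT_THRESHOLD]
    return sorted(hits, reverse=True)
```

In the constructed sample, ATM-022 logs both events of the card-trap scenario but more than two hours apart, so the time window keeps it from scoring, while ATM-017 triggers both scenarios and is the only device alerted on.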
Systematic and Continuous Monitoring
While it can be nearly impossible for businesses to engage in 24/7 security monitoring on their own, we provide systematic and continuous monitoring to protect your confidential data around the clock. Our engaged and dedicated Security Operations Center treats security alerts based on predefined Service Level Agreements (SLAs), prevents threats and reacts in real time.
As criminals continue to manipulate systems and technology evolves, cyber security threats are only going to increase and become more sophisticated in the years to come. Whether you are a consumer or a business owner, it is vital that you educate yourself on how to prevent data breaches and protect your sensitive information.
Whether you implement security protection by diligently monitoring your bank statements and credit card information, or hiring a managed security service provider to protect your company’s data and organizational assets, it is up to you to fight back against these criminals and remain vigilant.