View as Webpage

Secret Service Warns of Uptick in ATM Jackpotting Attempts

During the previous six months, the US Secret Service reports there has been a marked increase in ATM jackpotting.

Traditional malware, black box and man-in-the-middle attacks on ATMs have been reported in California, Colorado, Georgia, Idaho, Maryland, Minnesota, New York, North and South Carolina, Oregon, Pennsylvania, Tennessee, Texas, Utah and Washington.

These incidents have occurred across multiple ATM brands and are believed to have been perpetrated by at least seven different criminal groups.

The subjects, which are believed to still be in the U.S. and are expected to continue to carry out additional attacks, were observed opening and accessing the ATMs using magnets and generic Keys designed to unlock an ATM's exterior.

Mitigation and Prevention

Independent ATM deployers, retailers and financial institutions should proactively reach out to their ATM vendors to ensure their terminals and software are up-to-date on all security protocols.

• Follow the security recommendations of manufacturers and other vendors to ensure you have the latest updates, hardware, software and firmware.
• Make certain your operating systems and configurations are up-to-date.
• All ATM hard drives should be encrypted.
• Secure your network communications by fully enabling TLS encryption.
• Limit physical access to ATMs by securing Keys. Generic Keys, which can often be purchased on the Internet, can lead to unauthorized access to multiple ATMs.
• Implement multi-factor authentication, wherever possible, for all your ATM service technicians.

Response to Possible Jackpotting Incidents

If you suspect your ATM has been compromised, please take the following specific steps:

• Before opening the ATM, wear gloves to avoid contaminating any potential DNA evidence and fingerprints.
• Before removing any unauthorized devices from the ATM, photograph all components in place, including the hard drive and any attached devices.
• Contact your local Secret Service Cyber Fraud Field Service Office to report the incident.

We hope you find this information useful in helping to protect your ATMs, cash, and people.

Please call 904-683-6533 or email bruce@natmc.org with any questions or for assistance.

Bruce Renard

Executive Director

The National ATM Council, Inc.

ABOUT NAC

The National ATM Council, Inc. is a not-for-profit national trade association dedicated to ethically and effectively representing the business interests of ATM Owners, Operators and Suppliers in their efforts to provide safe, secure and convenient delivery of cash to consumers throughout the United States. https://www.natmc.org/