== Security ==
{{main|Security of automated teller machines}}
ATM [[security]] has several dimensions. ATMs also provide a practical demonstration of a number of security systems and concepts operating together and how various security concerns are addressed.

=== Physical ===
[[File:Procash stolen 1.jpg|thumb|upright|A [[Wincor Nixdorf]] Procash 2100xe Frontload that was opened with an [[angle grinder]]]]
Early ATM security focused on making the terminals invulnerable to physical attack; they were effectively safes with dispenser mechanisms. A number of attacks resulted, with thieves attempting to steal entire machines by [[ram-raiding]].<ref>{{cite web|url=http://www.obstructedtechnology.org/tech-news/things-to-keep-in-mind-when-opting-for-free-atm-placements.html|title=Things to Keep in Mind when Opting for Free ATM Placements|access-date=2015-09-15|url-status=dead|archive-url=https://web.archive.org/web/20151121090102/http://www.obstructedtechnology.org/tech-news/things-to-keep-in-mind-when-opting-for-free-atm-placements.html|archive-date=21 November 2015}}</ref> Since the late 1990s, criminal groups operating in Japan improved ram-raiding by stealing and using a truck loaded with heavy construction machinery to effectively demolish or uproot an entire ATM and any housing to steal its cash.

Another attack method, ''[[ATM blow up|plofkraak]]'' (a [[Dutch language|Dutch]] term), is to seal all openings of the ATM with [[silicone]] and fill the vault with a combustible gas or to place an explosive inside, attached, or near the machine.
This gas or explosive is ignited and the vault is opened or distorted by the force of the resulting explosion and the criminals can break in.<ref>{{cite news |url=http://www.news24.com/SouthAfrica/News/ATM-bombings-up-3000-20080712 |title=ATM bombings up 3000% |access-date=2011-04-07 |date=2008-07-12 |work=News24 |url-status=live |archive-url=https://web.archive.org/web/20120114174333/http://www.news24.com/SouthAfrica/News/ATM-bombings-up-3000-20080712 |archive-date=14 January 2012 }}</ref> ATM bombings began in the Netherlands, but as the nation reduced the number of machines in the country from 20000 to 5000 and discouraged cash use, the mostly [[Moroccan-Dutch]] gangs expert in the attacks moved elsewhere.{{r|matussek20240809}} Such theft has also occurred in Belgium, France, Denmark, Germany, Australia,<ref>{{cite web|url=https://www.theregister.co.uk/2006/03/14/exploding_atm_attack/|title=Dutch blaggers explode ATMs|website=[[The Register]]|url-status=live|archive-url=https://web.archive.org/web/20170810130621/https://www.theregister.co.uk/2006/03/14/exploding_atm_attack/|archive-date=10 August 2017}}</ref><ref>{{cite news |url=http://www.smh.com.au/news/national/attacks-on-banks-devised-in-europe/2008/11/25/1227491548435.html/ |title=Attacks on banks devised in Europe - National |newspaper=[[The Sydney Morning Herald]]|date=2008-11-25 |access-date=2011-02-11 |url-status=live |archive-url=https://web.archive.org/web/20110629151743/http://www.smh.com.au/news/national/attacks-on-banks-devised-in-europe/2008/11/25/1227491548435.html/ |archive-date=29 June 2011 }}</ref> and the United Kingdom.<ref>{{cite news |work=Businessweek |url=https://www.bloomberg.com/graphics/2015-atm-bombers/ |first=Nick |last=Summers |date=27 January 2015 |title=Boom: Inside a British Bank Bombing Spree |access-date=10 June 2020 }}</ref> When anti-gas explosion prevention devices and reinforced ATMs were installed, criminals began using [[leaf blowers]] to remove smoke, and more powerful 
solid explosives. Despite German banks spending more than €300 million on additional security, the [[Federal Criminal Police Office (Germany)|Federal Criminal Police Office]] estimated that {{as of|2024|lc=y}} 60% of attacks on ATMs in the country succeeded.<ref name="matussek20240809">{{Cite news |last=Matussek |first=Karin |date=2024-08-09 |title=Germany Is Europe's Prime Target for Audacious ATM Bombings |url=https://www.bloomberg.com/news/articles/2024-08-10/germany-is-europe-s-prime-target-for-audacious-atm-bombings |access-date=2024-08-12 |agency=Bloomberg}}</ref>

Several attacks in the UK (at least one of which was successful) have involved digging a concealed tunnel under the ATM and cutting through the reinforced base to remove the money.<ref name=tunnel>{{cite news |url=https://www.bbc.co.uk/news/uk-england-manchester-16556547 |title=Thieves dig 100ft tunnel to steal cash in Levenshulme |access-date=2012-01-02 |date=2012-01-14 |publisher=BBC |url-status=live |archive-url=https://web.archive.org/web/20120114052858/http://www.bbc.co.uk/news/uk-england-manchester-16556547 |archive-date=14 January 2012 }}</ref>

Modern ATM physical security, per other modern money-handling security, concentrates on denying the use of the money inside the machine to a thief, by using different types of [[Intelligent banknote neutralisation system|Intelligent Banknote Neutralisation Systems]].

A common method is to simply rob the staff filling the machine with money. To avoid this, the schedule for filling them is kept secret, varying and random. The money is often kept in cassettes, which will dye the money if incorrectly opened.

=== Transactional secrecy and integrity ===
The security of ATM transactions relies mostly on the integrity of the secure [[cryptoprocessor]]: the ATM often uses general commodity components that sometimes are not considered to be "[[trusted system]]s".
Encryption of personal information, required by law in many jurisdictions, is used to prevent fraud. Sensitive data in ATM transactions are usually [[encryption|encrypted]] with [[Data Encryption Standard|DES]], but transaction processors now usually require the use of [[Triple DES]].<ref>[http://www.atmmarketplace.com/research.htm?article_id=25059&pavilion=126&step=story] {{webarchive|url=https://web.archive.org/web/20061012175105/http://www.atmmarketplace.com/research.htm?article_id=25059&pavilion=126&step=story|date=12 October 2006}}</ref>{{update inline|date=March 2023|reason=3DES itself is highly outdated by now.}} Remote Key Loading techniques may be used to ensure the secrecy of the initialisation of the encryption keys in the ATM. [[Message Authentication Code]] (MAC) or [[Partial MAC]] may also be used to ensure messages have not been tampered with while in transit between the ATM and the financial network.

=== Customer identity integrity ===
[[File:Japanese ATM Palm Scanner.jpg|thumb|A [[The Bank of Tokyo-Mitsubishi UFJ|BTMU]] ATM with a [[palm scanner]] (to the right of the screen)]]
There have also been a number of incidents of fraud by [[man-in-the-middle attack]]s, where criminals have attached fake keypads or card readers to existing machines. These have then been used to record customers' PINs and bank card information in order to gain unauthorised access to their accounts. Various ATM manufacturers have put in place countermeasures to protect the equipment they manufacture from these threats.<ref>{{cite web|url=http://www.atmmarketplace.com/article.php?id=7000&na=1 |archive-url=https://archive.today/20120718062007/http://www.atmmarketplace.com/article.php?id=7000&na=1 |url-status=dead |archive-date=2012-07-18 |title=The No. 
1 ATM security concern |publisher=ATM Marketplace |access-date=2011-02-11 }}</ref><ref>{{cite web |url=http://buy.cuna.org/download/diebold_fraudpaper.pdf |title=Diebold ATM Fraud |access-date=2011-02-11 |url-status=dead |archive-url=https://web.archive.org/web/20090930071206/http://buy.cuna.org/download/diebold_fraudpaper.pdf |archive-date=30 September 2009 }}</ref> Alternative methods to verify cardholder identities have been tested and deployed in some countries, such as finger and palm vein patterns,<ref>{{Cite web | archive-url= https://web.archive.org/web/20060210152007/http://www.ibia.org/biometrics/industrynews_view.asp?id=30 | archive-date= 10 February 2006 | url= http://www.ibia.org/biometrics/industrynews_view.asp?id=30 | url-status= dead | title= Japan Seeks To Standardize Biometric ID Method For ATMs | date= 10 March 2005 | access-date= 2023-03-27 | website= International Biometric Industry Association | language= en }}</ref> [[Iris recognition|iris]], and [[facial recognition system|facial recognition]] technologies. 
Cheaper mass-produced equipment that detects the presence of foreign objects on the front of ATMs has been developed and is being installed in machines globally; current tests have shown 99% detection success for all types of [[Skimming (credit card fraud)|skimming]] devices.<ref>{{Cite web|archive-url=https://web.archive.org/web/20051031070738/http://www.ibia.org/biometrics/industrynews_view.asp?id=103|archive-date=31 October 2005|url=http://www.ibia.org/biometrics/industrynews_view.asp?id=103|title=Cards: Biometrics Stalled Amid The Hype|date=22 August 2005|url-status=dead|access-date=2023-03-27|website=International Biometric Industry Association|language=en}}</ref>

=== Device operation integrity ===
[[File:Worn ATM.jpg|thumb|upright|ATMs that are exposed to the outside must be vandal- and weather-resistant.]]
Openings on the customer side of ATMs are often covered by mechanical shutters to prevent tampering with the mechanisms when they are not in use. Alarm sensors are placed inside ATMs and their servicing areas to alert their operators when doors have been opened by unauthorised personnel.

To protect against hackers, ATMs have a built-in firewall. Once the firewall has detected malicious attempts to break into the machine remotely, the firewall locks down the machine.

Rules are usually set by the government or ATM operating body that dictate what happens when integrity systems fail.
Depending on the jurisdiction, a bank may or may not be liable when an attempt is made to dispense a customer's money from an ATM and the money either gets outside of the ATM's vault, or was exposed in a non-secure fashion, or they are unable to determine the state of the money after a failed transaction.<ref>{{cite web|url=http://www.kuluttajavirasto.fi/user_nf/default_mag.asp?id=12263&lmf=11440&mode=readdoc&tmf=11440|title=Kilpailu- ja kuluttajavirasto}}</ref> Customers often commented that it is difficult to recover money lost in this way, but this is often complicated by the policies regarding suspicious activities typical of the criminal element.<ref>{{cite web |url=http://moneycentral.msn.com/content/Banking/P57803.asp |title=Banking |publisher=Moneycentral.msn.com |access-date=2011-02-11 |url-status=dead |archive-url=https://web.archive.org/web/20080417111312/http://moneycentral.msn.com/content/Banking/P57803.asp |archive-date=17 April 2008 }}</ref>

=== Customer security ===
[[File:ATMs In A Van.jpg|thumb|left|Dunbar armored personnel watching over ATMs that have been installed in a [[van]]]]
[[File:PNB_Bank_on_wheels1.jpg|200px|thumbnail|right|[[Philippine National Bank]]-ATM on wheels]]
In some countries, multiple [[security camera]]s and [[security guard]]s are a common feature.<ref>{{cite web|url=http://www.banking.state.ny.us/legal/atmsafe.htm |title=NYSBD - Text of the ATM Safety Act |publisher=Banking.state.ny.us |date=1997-06-01 |access-date=2011-02-11 |url-status=dead |archive-url=https://web.archive.org/web/20110410044556/http://www.banking.state.ny.us/legal/atmsafe.htm |archive-date=10 April 2011 }} </ref> In the [[United States]], the [[New York State]] Comptroller's Office has advised the New York State Department of Banking to have more thorough safety inspections of ATMs in high crime areas.<ref>{{cite web|url=http://www.osc.state.ny.us/press/releases/oct07/100407.htm |title=DiNapoli Calls for Better Oversight of Bank ATMs 
|publisher=Osc.state.ny.us |date=2007-10-04 |access-date=2011-02-11 |url-status=dead |archive-url=https://web.archive.org/web/20110610044250/http://www.osc.state.ny.us/press/releases/oct07/100407.htm |archive-date=10 June 2011 }}</ref> Consultants of ATM operators assert that the issue of customer security should have more focus by the banking industry;<ref>[http://www.atmmarketplace.com/research.htm?article_id=5171&pavilion=4&step=story] {{webarchive|url=https://web.archive.org/web/20060509230352/http://www.atmmarketplace.com/research.htm?article_id=5171&pavilion=4&step=story|date=9 May 2006}}</ref> it has been suggested that efforts are now more concentrated on the preventive measure of deterrent legislation than on the problem of ongoing forced withdrawals.<ref>[http://www.atmmarketplace.com/news_story.htm?i=20479] {{webarchive|url=https://web.archive.org/web/20060509230332/http://www.atmmarketplace.com/news_story.htm?i=20479|date=9 May 2006}}</ref> At least as far back as 30 July 1986, consultants of the industry have advised for the adoption of an emergency PIN system for ATMs, where the user is able to send a [[panic alarm|silent alarm]] in response to a threat.<ref>Representative Mario Biaggi, Congressional Record, 30 July 1986, Page 18232 et seq.</ref> Legislative efforts to require an emergency PIN system have appeared in [[Illinois]],<ref>{{cite web|url=http://www.obre.state.il.us/AGENCY/News/atmrpt.htm |title=ATM Report |publisher=Obre.state.il.us |access-date=2011-02-11 |url-status=dead |archive-url=https://web.archive.org/web/20101104220104/http://www.obre.state.il.us/AGENCY/News/atmrpt.htm |archive-date=4 November 2010 }}</ref> [[Kansas]]<ref>{{Cite web | archive-url= https://web.archive.org/web/20040512032514/https://www.cunews.com/newsletters/2004216.htm | archive-date= 12 May 2004 |title=Credit Union tech-talk News 2/16/04 |url=https://www.cunews.com/newsletters/2004216.htm | url-status= dead |access-date=2023-03-27|website=cunews.com | at= ATMs / 
Kiosks}}</ref><ref>{{Cite web|url=http://www.kansas.gov/government/legislative/bills/2004/333.pdf|title=Senate Bill No. 333|date=2004|website=www.kansas.gov|archive-url=https://web.archive.org/web/20181214063626/http://www.kansas.gov/government/legislative/bills/2004/333.pdf|archive-date=14 December 2018|url-status=live|access-date=2018-12-14}}</ref> and [[Georgia (U.S. state)|Georgia]],<ref>{{cite web|url=http://www.legis.state.ga.us/legis/2005_06/versions/sb379_SB_379_PF_2.htm |title=sb379_SB_379_PF_2.html |publisher=Legis.state.ga.us |access-date=2011-02-11 |url-status=dead |archive-url=https://web.archive.org/web/20100831204344/http://www.legis.state.ga.us/legis/2005_06/versions/sb379_SB_379_PF_2.htm |archive-date=31 August 2010 }}</ref> but none has succeeded yet. In January 2009, Senate Bill 1355 was proposed in the Illinois Senate that revisits the issue of the reverse emergency PIN system.<ref>{{cite web |url=http://www.ilga.gov/legislation/BillStatus.asp?DocNum=1355&GAID=10&DocTypeID=SB&LegId=42570&SessionID=76&GA=96 |title=Illinois General Assembly - Bill Status for SB1355 |publisher=Ilga.gov |access-date=2011-02-11 |url-status=live |archive-url=https://web.archive.org/web/20101111052035/http://www.ilga.gov/legislation/BillStatus.asp?DocNum=1355&GAID=10&DocTypeID=SB&LegId=42570&SessionID=76&GA=96 |archive-date=11 November 2010 }}</ref> The bill is again supported by the police and opposed by the banking lobby.<ref>{{cite web |last=Kravetz |first=Andy |url=http://www.pjstar.com/news/x1745367387/ATM-software-aimed-at-reversing-crime |title=ATM software aimed at reversing crime - Peoria, IL |publisher=pjstar.com |date=2009-02-18 |access-date=2011-02-11 |url-status=live |archive-url=https://web.archive.org/web/20110118225019/http://www.pjstar.com/news/x1745367387/ATM-software-aimed-at-reversing-crime |archive-date=18 January 2011 }}</ref> In 1998, three towns outside Cleveland, Ohio, in response to an ATM crime wave, adopted legislation requiring that an 
[[emergency telephone number]] switch be installed at all outdoor ATMs within their jurisdiction. In the wake of a homicide in Sharon Hill, Pennsylvania, the city council passed an ATM security bill as well.

In China and elsewhere, many efforts to promote security have been made. On-premises ATMs are often located inside the bank's lobby, which may be accessible 24 hours a day. These lobbies have extensive security camera coverage, a courtesy telephone for consulting with the bank staff, and a security guard on the premises. Bank lobbies that are not guarded 24 hours a day may also have secure doors that can only be opened from outside by swiping the bank card against a wall-mounted scanner, allowing the bank to identify which card enters the building. Most ATMs will also display on-screen safety warnings and may also be fitted with convex mirrors above the display allowing the user to see what is happening behind them.

As of 2013, the only claim available about the extent of ATM-connected homicides is that they range from 500 to 1,000 per year in the US, covering only cases where the victim had an ATM card and the card was used by the killer after the known time of death.<ref>[http://www.wctv.tv/home/headlines/Could_Reverse_Pin_Save_Lives_at_ATM_152336195.html Could Reverse PIN Save Lives at ATM?] {{webarchive|url=https://web.archive.org/web/20141013150036/http://www.wctv.tv/home/headlines/Could_Reverse_Pin_Save_Lives_at_ATM_152336195.html |date=13 October 2014 }}. Wctv.tv. Retrieved on 2013-08-02.</ref>

===Jackpotting===
The term {{em|jackpotting}} is used to describe one method criminals utilize to steal money from an ATM. The thieves gain physical access through a small hole drilled in the machine. They disconnect the existing hard drive and connect an external drive using an industrial endoscope. They then depress an internal button that reboots the device so that it is now under the control of the external drive.
They can then have the ATM dispense all of its cash.<ref>{{cite news |title=ATM makers warn of 'jackpotting' hacks on U.S. machines |url=https://www.reuters.com/article/us-cyber-atms-usa/atm-makers-warn-of-jackpotting-hacks-on-u-s-machines-idUSKBN1FG0WU |newspaper=[[Reuters]] |date=27 January 2018 |access-date=2018-01-28 }}</ref>

===Encryption===
In recent years, many ATMs also encrypt the hard disk. This makes creating the software for [[jackpotting]] more difficult and provides more security for the ATM.
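
The message authentication described under "Transactional secrecy and integrity", as an added example that is not part of the original article: a receiver recomputes the MAC over a request and rejects any message whose tag does not match. HMAC-SHA-256 stands in here for the DES/Triple DES based MACs used on real networks, and the key, field names, sample message and the reading of "partial MAC" as a MAC over a chosen subset of fields are all assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed demo key. A real terminal key lives inside the cryptoprocessor
# and never appears in application code.
MAC_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

# Assumption: the partial variant authenticates only these fields.
PARTIAL_FIELDS = ("pan", "amount", "stan")


def canonical(msg, fields=None):
    """Serialise the covered fields unambiguously (sorted, length-prefixed)."""
    out = bytearray()
    for name in sorted(msg if fields is None else fields):
        value = str(msg[name]).encode()
        out += len(name).to_bytes(2, "big") + name.encode()
        out += len(value).to_bytes(2, "big") + value
    return bytes(out)


def compute_mac(msg, key=MAC_KEY, fields=None):
    """MAC over all fields, or only over `fields`; truncated to 8 bytes."""
    return hmac.new(key, canonical(msg, fields), hashlib.sha256).digest()[:8]


def verify(msg, tag, key=MAC_KEY, fields=None):
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(compute_mac(msg, key, fields), tag)


def demo():
    # Constructed withdrawal request; every value is made up.
    request = {"pan": "4000001234567899", "amount": "000000010000",
               "stan": "000123", "terminal": "ATM00042"}
    full_tag = compute_mac(request)
    part_tag = compute_mac(request, fields=PARTIAL_FIELDS)

    # Two in-transit modifications the receiver should be able to notice.
    bad_amount = dict(request, amount="000000990000")
    bad_terminal = dict(request, terminal="ATM99999")

    return {
        "full_ok": verify(request, full_tag),
        "full_amount": verify(bad_amount, full_tag),
        "full_terminal": verify(bad_terminal, full_tag),
        "partial_amount": verify(bad_amount, part_tag, fields=PARTIAL_FIELDS),
        "partial_terminal": verify(bad_terminal, part_tag, fields=PARTIAL_FIELDS),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

The last result is the one to note: under the partial MAC the altered terminal identifier is accepted because that field is outside the authenticated set, so the choice of covered fields decides what tampering the receiver can detect.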