ATM: Attacking Multichannel Fraud
Experts Explain Why Transactional Analytics Is Critical
The increasing globalization of fraud perpetrated by sophisticated organized crime rings has spurred unprecedented growth in cross-channel attacks, security experts from three of the world's leading ATM manufacturers say.
That's why ATM deployers can no longer build defenses that focus solely on the ATM channel, executives from Diebold Inc., Wincor Nixdorf AG and NCR Corp. say in this final part of an exclusive three-part interview with Information Security Media Group.
Anti-skimming technology, for instance, while essential from a hardware security perspective, would not prevent some of today's high-profile attacks against the payments infrastructure, says Owen Wild, global marketing director of financial services for NCR.
ATM: A Redemption Point
While many of these attacks, such as the February 2011 cash-out scheme involving prepaid debit cards issued by the American Red Cross, involve ATMs, they don't specifically target ATMs, Wild points out.
In the Red Cross scheme, criminals withdrew $14 million over the course of two days using counterfeit cards. They created the cards from account details for cards issued to disaster relief victims, details that were compromised when the Red Cross' payments processor was breached.
"There have been some very high profile situations where the ATMs were used as redemption points," he explains. "So being able to provide the ability to do more rapid and point-oriented transaction analysis is very critical, so you can start seeing, at an enterprise level, card utilization that is abnormal, either in terms of frequency of cards being used or cards being used in multiple locations ... to at least create alerts and notifications."
Behavioral analytics and transactional monitoring and analysis need to be part of the overall security strategy, Wild stresses.
"Again, it is not just an ATM problem here," he says. "This becomes part of the overall environment, moving more and more toward protected transactions. And things that can help mitigate against the use of counterfeit cards are going to be important."
ATM vendors and banking institutions can play a role in thwarting the types of cash-out schemes Wild describes, says Nick Billett, senior director of core ATM software and security at Diebold.
Cash-out schemes involve simultaneous cash withdrawals from multiple ATMs using counterfeit cards created by fraudsters, typically after a retailer or payment processor breach. The ATM is used for the payout, but the ATM itself has not been compromised, Billett says.
ATM manufacturers and banking institutions must devise ways to detect these types of schemes as they are happening to ensure overall security of the ecosystem, Billett says.
"It's a very complex discussion as we look at the entire attack surface," he adds. "The organized crime element is going to great lengths to compromise card data across multiple points."
Bernd Redecker, director of corporate security and fraud management at Wincor Nixdorf, which is based in Germany, says cash-out schemes and other fraud efforts cross international borders, highlighting how skilled and swift organized crime rings have become at perpetrating their attacks.
"The fraudsters are developing what I call industrialized processes," Redecker says, a practice that involves knowing how banking systems and networks work and then exploiting their weaknesses.
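The card-utilization alerts Wild describes (abnormal frequency, or one card used in multiple locations) and the simultaneous multi-ATM withdrawals Billett describes can be expressed as a per-card sliding-window check over the withdrawal stream. The sketch below is an added example, not code from any of the vendors interviewed; the record layout, card tokens, ATM ids, window and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed look-back window
MAX_WITHDRAWALS = 3             # assumed per-card frequency threshold
MAX_TERMINALS = 2               # assumed distinct-ATM threshold

# Constructed sample records: (timestamp, card token, ATM id, amount).
SAMPLE = [
    ("2024-01-01T10:00:00", "card-A", "atm-01", 200),
    ("2024-01-01T10:04:00", "card-A", "atm-17", 500),
    ("2024-01-01T10:05:00", "card-B", "atm-02", 60),
    ("2024-01-01T10:09:00", "card-A", "atm-33", 500),
    ("2024-01-01T10:12:00", "card-A", "atm-33", 500),
    ("2024-01-01T15:30:00", "card-B", "atm-02", 40),
    ("2024-01-01T15:50:00", "card-C", "atm-05", 100),
    ("2024-01-01T16:45:00", "card-C", "atm-09", 100),
]

def detect(records, window=WINDOW, max_withdrawals=MAX_WITHDRAWALS,
           max_terminals=MAX_TERMINALS):
    """Return alerts as (timestamp, card, [reasons]) in time order."""
    recent = defaultdict(deque)  # card -> (time, atm) pairs still in window
    alerts = []
    for ts, card, atm, _amount in sorted(records):
        now = datetime.fromisoformat(ts)
        seen = recent[card]
        seen.append((now, atm))
        # Expire withdrawals that have aged out of the look-back window.
        while now - seen[0][0] > window:
            seen.popleft()
        reasons = []
        if len({a for _, a in seen}) > max_terminals:
            reasons.append("multi_location")  # same card at many ATMs
        if len(seen) > max_withdrawals:
            reasons.append("frequency")       # too many withdrawals
        if reasons:
            alerts.append((ts, card, reasons))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Because the state is keyed by card rather than by terminal, the check only works where withdrawals from every ATM reach one place, which is the enterprise-level view Wild refers to.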
In this interview, the executives also discuss:
- Why cross-border attacks are difficult to track;
- How legacy networks and payments switches are hindering security progress; and
- Why Windows-based ATMs are not any more susceptible to attack than payments devices running on other operating systems.
In part one of this interview, the panel reviewed the role contactless card and card-reader technology is likely to play in the battle against skimming. In part two, panelists discussed how ATM manufacturers are joining forces to share information about emerging threats.
Billett oversees Diebold's research, development and delivery of extensions for financial services and security-related ATM products. His team also investigates global ATM skimming and logical attacks.
Redecker heads Wincor Nixdorf's corporate security and fraud management team, which works on security products and solutions.
Wild oversees the global development and execution of NCR's marketing strategy and programs for its security solutions portfolio.
The other panelists are:
Uwe Krause, vice president of banking at Wincor Nixdorf, who heads banking product management and marketing for national and international markets.
Joerg Engelhardt, vice president of product management and marketing for Diebold, who oversees management of the business lifecycle for the company's product portfolio.