This article is more than 1 year old
Forget malware, crooks are cracking ATMs the old-fashioned way – with explosives
Blowing up cash machines is blowing up
Bank raiders are increasingly turning to explosives in order to break into cash machines.
The European ATM Security Team (EAST) reports that ATM explosive attacks were up 80 per cent in the first half of 2016 compared to the same period last year. A total of 492 explosive attacks were reported, up from 273 during the same period in 2015.
The majority were explosive gas attacks, but 110 involved solid explosives.
EAST executive director Lachlan Gunn said: "This rise in explosive attacks is of great concern to the industry in Europe, as such attacks create a significant amount of collateral damage to equipment and buildings as well as a risk to life.
"The EAST Expert Group on Physical Attacks (EGAP) is working to analyse the attacks and to share intelligence best practice information across the industry and law enforcement that can help to mitigate the threat."
For overall ATM-related physical attacks, there were a total of 1,604 incidents recorded in H1 2016, up 30 per cent compared to the 1,232 reported in H1 2015. Losses due to these attacks rose 3 per cent to €27m (up from €26.3m in 2015).
The average cash losses were:
- Ram raid or burglary attack – €17,327
- Explosive attack – €16,631
- Robbery – €20,017
However, these figures do not take into account collateral damage to equipment or buildings, which often exceeds the value of the cash lost in successful attacks.
Skim scams
EAST reports [PDF] a 28 per cent increase in ATM-related fraud attacks, up from 8,421 in H1 2015 to 10,820 in H1 2016. Transaction reversal fraud more than trebled year-on-year from 1,270 to 4,840 incidents, and accounted for the increase in fraudulent attacks, which would otherwise have decreased due to a reduction in card skimming. Card skimming reports pegged out at 1,573 in H1 2016, down 21 per cent from 1,986 in H1 2015.
Losses due to ATM-related fraud attacks rose 12 per cent to €174m in H1 2016 compared to €156m in H1 2015. International skimming losses (up from €131m in H1 2015 to €142m in H1 2016) explain the rise. The introduction of Chip and PIN makes it harder to produce counterfeit cards from stolen data, but the same restriction doesn't apply on cards cards outside Europe. Cards issued in the US and the Asia-Pacific region (particularly Indonesia) are favoured by fraudsters.
Attempts to pry open cash machines using malware and similar approaches are also beginning to happen in Western Europe to a very limited extent. Fraudulent losses are very low from this type of scam which, for now, seems to be restricted to established hot spots such as Mexico and Russia.
The number of ATM logical attacks reported to EAST hit 28 (all "cash out" or "jackpotting" attacks) in the first half of 2016, up from just five during the same period in 2015. Related losses were €0.4m.
EAST's full report, with breakdowns for each crime category, is available to EAST members and subscribers via its website. ®