POUGHKEEPSIE, N.Y.-Look for thousands of "shiny, new" ATMs to crop up as credit unions respond to growing fraud and comply with next year's deadline for the American with Disabilities Act (ADA).
"ATM skimming will probably increase this year," said John Brozycki, information security officer at $2.8-billion Hudson Valley FCU here. "You can buy skimming kits on the Internet. And what if a criminal could infect your ATM network with a worm? It's easier to attack an ATM than to rob a credit union."
Credit unions can fight fraudsters while serving members with disabilities by upgrading to new ATMs that contain the latest anti-skimming and ADA technologies, said Brozycki.
"Most of these new security features probably won't be supported by older ATM hardware and software," Brozycki explained. "Some are add-on features and could work with any ATM, but those will be more expensive."
Particularly worrisome is a "James-Bond-ish" scenario where hackers attack ATM software, allowing the criminal to walk up to a machine, enter a code and get cash, he said. "All the bad guys have the Stuxnet worm code and could target ATMs. ATM software isn't updated frequently, and credit unions don't necessarily think about this kind of thing."
Meanwhile, "skimming devices continue to grow in sophistication, and are becoming more compact and harder to detect," said Terrie Ipson, marketing manager for ATM security, Diebold, Inc., of North Canton, Ohio, which provides self-service delivery and security systems. "ATM skimming is today's primary threat to credit unions."
And the "all-in-one" skimmer is a "major threat," Ipson said. This convenient device combines a magnetic stripe reader and a pinhole camera in one small package that can capture card and PIN data when a member uses an ATM. Criminals can attach and remove one dual-function skimmer faster than fiddling with two single-function devices.
Diebold Opteva ATMs shipped since 2009 employ card-reader technology that can detect and block skimmers, including the all-in-one, Ipson said. "Diebold Advanced Skimming Detection uses detection sensors and proprietary algorithms to differentiate between a skimmer and environmental factors or hand movements. If a skimmer is detected, the ATM will alert the credit union's monitoring system to take the affected ATM out of service."
A newer tool emits an electromagnetic protection field around the card entry slot, she said. The field is activated when a skimming device is detected and makes it impossible for the skimmer to read data. "Electromagnetic noise is one of the most effective technologies against skimming"-and is available as an Opteva upgrade.
The Opteva ATMs are recommended as part of a layered approach that includes physical security, logical security, ATM fraud protection and consumer education, Ipson added.
The machines are equipped with motion sensors to protect against card trapping and fishing; "jitter" mechanisms that shake the ATM card as it moves in the slot, preventing certain types of skimming devices from reading data; mirrors that help members stay vigilant; special keypads and monitors that make it hard for criminals to "shoulder-surf;" PIN encryption; secure PIN transmission, and more.
Perhaps the most affordable tool-but perhaps also least effective-is a physical PIN pad shield, which can cost from $10 to $50 and is easy to install, said Brozycki.
Diebold may help prevent James Bond-ish malware. Defenses include intrusion detection and protection, content management, access management and network and IT security, said Ipson. "A strong firewall is a critical layer of this protection that controls traffic in and out of the network."
