IMGCAP(1)]
Trustwave, the Chicago-based data-security company, is urging U.S. banks that own ATM networks to have their machines analyzed to determine whether malware is present. Malware is malicious software that thieves insert inside an ATM to steal cardholder data. The then use the stolen information to make counterfeit debit cards to loot customer accounts. The company's recommendation comes after examining ATM networks owned by banks in Russia and the Ukraine, a Trustwave spokesperson tells ATM&Debit News, a CardLine sister publication. In January, ATM maker Diebold Inc. discovered that thieves installed malware inside an undisclosed number of its machines throughout Russia. Thieves opened the rear of the ATMs to install malware that changed the machines' internal controls, such as password-management numbers, says Jim Pettitt, Diebold director of security strategy and planning. Russian police arrested the alleged thieves. "Trustwave collected multiple versions of this malware and … feels that over time it will evolve," the company said in a statement. "It will also begin to propagate to a more-widespread population of ATMs." Banks should check the physical security of their ATMs, not use default passwords and run antivirus software, the Trustwave spokesperson says. Malware is vendor agnostic, meaning crooks can insert it into in any type of ATM, the spokesperson adds.
