ATM Security Association Releases White Paper on Atm Card Compromise

Inital result of the skimming working group is now available online

Utrecht, the Netherlands – Today the ATM Security Association released a white paper on ATM card compromising techniques and countermeasures. The global cost of ATM skimming is estimated to be over $2 billion annually and continues to rise. This is the initial result published by one of the four working groups the association had set up last year to focus on different areas of ATM security.

The white paper “ATM skimming and card compromise modi-operandi and countermeasures” is the result of the skimming working group with the scope to share knowledge of card data compromise attacks and available countermeasures. The paper offers valuable insights to ATM deployers and card issuers wondering about solutions to protect their cardholders. It offers an evaluation of different antiskimming solutions. The white paper comes to the conclusion that global ATM security industry standards, independent methods of evaluating countermeasures as well as a reliable, up-to-date source of information on the latest skimming techniques are required for effective protection against current and upcoming skimming threats. The strategic goal of the card payment industry must be to reduce the risk of successful skimming attacks. An important step toward that is removing the magnetic stripe from cards once the global migration to EMV has been completed.

“ATM skimming represents over 98% of all ATM fraud losses, and the average cost of a skimming incident continues to rise to over $60,000. ATM deployers have different risk profiles, infrastructures, availability targets and budgets but confronted with the constantly evolving nature of global organized crime, they all have one requirement in common: reduce the risk of fraud and protect consumer trust,” explains working group host Cees Heuker of Hoek of TMD Security. “The strategy of the working group is to develop an independent and up-to-date means of evaluating anti-skimming technologies for deployers, manufacturers and service providers. This whitepaper is the first of a series of planned deliverables which will help to achieve greater consistency and effectiveness in the fight against ATM fraud.”

Otto de Jong, Chair of the European ATM Security Team’s Expert Group on ATM Fraud (EAST EGAF) and member of the skimming working group, comments: “This is a useful document for ATM deployers and will help them in the battle against ATM fraud. It aids in the understanding of fraud methods and the evaluation of countermeasures that can be used to defeat them. It is a good example of how fraud and security information can be discussed in an open and transparent manner by ATM and ATM third party vendors, deployers and security experts. Working together and sharing information in a non-competitive way, resulting in the creation and publication of this whitepaper, is laudable and of great benefit to the industry.”

The second deliverable of the skimming and card compromise working group is already in preparation. The group is currently drawing up a requirements document for anti-skimming and card compromise solutions with the objective to provide a tool for the evaluation of new ATM security technology or existing risk management strategies. The document including the key areas technology requirements, functional requirements and compliance will create the foundation for the next step, the definition of technology standards and an assessment methodology.

The white paper “ATM skimming and card compromise modi-operandi and countermeasures” can be downloaded from the ATM Security Association’s website after registration:

| Download PDF

About the ATM Security Association for Enhanced Technology

The ATM Security Association for Enhanced Technology is a non-profit association dedicated to improving ATM security. Its aim is to compile information on recognized and potential attack scenarios on ATMs and share that information with specific industry groups to rapidly develop and implement counter-measures at a global level. The main purpose of the ATM Security Association is to create a global network throughout the ATM provider chain enhancing security including all involved parties like Global ATM manufacturers, Suppliers, Financial Institutions, Service Providers and IADs. One of the primary goals of the ATM Security Association is the creation of security standards focused on the deployers’ self-service channel. The focus of the association will be on both hardware and software-related threats, physical and logical attacks. The target is to consider the total environment of the ATM that can have a direct impact on secure usage and operations.