ATMs Need Better Security from Malware

Updated: Nov 8, 2021

Even though payments by credit and debit cards surpassed the use of cash in 2016, cash is not going away any time soon: its roots have been entrenched in society for the past few centuries. The reduction in full-service bank branches can be attributed primarily to ATMs, which now handle routine transactions including cash withdrawals and deposits. With ATMs becoming mainstream, the question of their security cannot be overlooked.

ATMs are Targets

Since their introduction in the 1960s, ATMs have been targeted by physical and, more recently, logical attacks. From Skimer in 2009 to Padpin/Tyupkin, NeoPocket, Suceful, GreenDispenser and Ripper in 2013, ATM malware has repeatedly grabbed headlines. The sole purpose of these attacks has been to steal cardholder credentials and dispense cash without authorization.

Major ATM malware incidents include US$2 million stolen from ATMs in Taiwan in July 2016 and another US$400,000 in Thailand shortly thereafter. The Ripper malware was used along with special EMV chip cards, which led to banks having to disable their ATMs, causing inconvenience to customers and generating negative publicity.

Current Protection of ATMs

ATMs are an extension of a bank’s internal network, irrespective of whether they use a third-party service provider or the bank’s own corporate network. Lack of separation from the internal network allows hackers to breach the bank’s network, as was evident in the attack in Thailand, where the bank’s software distribution tool was hijacked to deliver the malware. Besides the loss of US$400,000, the bank had to shut down 3,300 of the 7,000 ATMs it owned, which severely impacted its services nationwide.

ATM manufacturers and industry groups advocate the use of antivirus, antimalware, firewalls and application whitelisting, and recommend hardening the operating system and encrypting communications. However, their deployment by banks is inconsistent. Even where it is used, antivirus has been rendered ineffective in corporate networks, while application whitelisting can’t prevent malware distribution via legitimate software tools, as seen in the Thailand attack.

Another factor is that 75 percent of the world’s ATMs were still running Windows XP a year after Microsoft discontinued support for it in April 2014. As no more software patches are released, devices running Windows XP are vulnerable to malware and viruses and need to be upgraded, which is a financially and logistically daunting task. In addition to these costs, there is the looming Mastercard deadline for Europay Mastercard Visa (EMV) chip-enabled ATM compliance, which will require new software and hardware. EMV chip reader upgrades cost about $1,000 to $3,500 per ATM.

The solution is artificial intelligence-based cyber defense technology that does not rely on perimeter or endpoint security to protect ATMs and can be rapidly deployed.

Feel free to get in touch with us today and see how we can help.
