A leading payments industry news source for more than 17 years. Glenbrook curates the news and keeps you abreast of the important daily headlines in payments.

Search Payments News

August 20, 2020

On the web

Tens of suspects arrested for cashing-out Santander ATMs using software glitch

ZDNet

“Based on information ZDNet received from a Santander spokesperson, sources in the threat intelligence community, and details released by police departments in the affected towns, criminal gangs appear to have found a bug in the software of Santander ATMs. The bug allowed members of criminal groups to use fake debit cards or valid preloaded debit cards to withdraw more funds from ATMs than the cards were storing.”

October 31, 2019

On the web

How Cash-Out Attacks Are Becoming the Next Big Worry for ATM Operators

Digital Transactions

“Payments executives are starting to go public with concerns about a growing type of ATM fraud call the cash-out attack. Unlike the well-known, single-machine attack known as jackpotting , cash-out frauds allow criminals to gain access to multiple machines simultaneously at the network level. They then employ accomplices to visit these machines to draw out the cash. “Once they gain control of the bank’s system, they need to monetize that access. Therein lies the ATM cash-out,” says Tia Ilori, senior director for fraud and breach investigations at Visa Inc. Ilori says Visa has detected cash-out attacks—some successful, some thwarted—at 97 financial institutions in the past year. Visa will not disclose how much has been stolen in these attacks.”

April 10, 2019

On the web

ATM Physical Attacks in Europe on the Increase

Secure Transactions

“EAST has just published a European Payment Terminal Crime Report covering 2018 which reports that ATM physical attacks have risen for the fourth consecutive year. ATM related physical attacks rose 27% when compared with 2017 (up from 3,584 to 4,549 incidents).  Within this total ATM explosive attacks (including explosive gas and solid explosive attacks) were down 3% (down from 1,081 to 1,052 incidents).  Explosive attacks remain a cause for concern as the number of countries reporting them has risen from ten in 2017 to eleven in 2018.  Such attacks result in extensive collateral damage and can pose a risk to life.”

A New Breed of ATM Hackers Gets in Through a Bank’s Network

WIRED

“These system architecture improvements, combined with tailored monitoring to flag and block more fraudulent fund transfers, have inspired scammers to innovate in kind. In an attack on India’s Cosmos bank last August, hackers stole $13.5 million by infecting the bank’s ATM server with malware that retrieved customer information and their assigned SWIFT codes. Then they used this data to initiate thousands of transfers, both within India and in multiple other countries, where money mules cashed out the malicious transactions.”

March 11, 2019

On the web

Insert Skimmer + Camera Cover PIN Stealer — Krebs on Security

Krebs on Security

“Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they’re frequently disguised as ATM security features — such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM. And sometimes, the scammers just hijack the security camera built into the ATM itself.”

November 19, 2018

On the web

ATM hacking report: Scenarios from 2018 ATM hacks

Payments Cards and Mobile

“The most important thing about ATM malware is not its inner workings, but the installation method. The first step for protecting banks and their clients is to identify potential infection vectors and vulnerable components. In this report, we will share the results of ATM security analysis performed by our company in 2017–2018, discuss different types of possible logic attacks identified during such work, and provide recommendations for securing ATMs.”

November 2, 2018

On the web

SMS Phishing + Cardless ATM = Profit

Krebs on Security

“A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones. But this also creates an avenue of fraud for bad guys, who can leverage phished or stolen account credentials to add a new phone number to the customer’s account and then use that added device to siphon cash from hijacked accounts at cardless ATMs.”

September 28, 2018

On the web

Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks

Krebs on Security

“The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM.”

August 14, 2018

On the web

Cosmos Bank’s server hacked, ₹ 94 crore (13.4M USD) siphoned off in 2 days

Live Mint

“Hackers managed to transfer over ₹ 94 crore through a malware attack on the server of Pune-based Cosmos Bank and cloning thousands of the bank’s debit cards over a period of two days, a senior bank official said. The fraudulent transactions were carried out on 11 August and 13 August through 25 ATMs located in Canada, Hong Kong and a few in India. The Cosmos bank debit cards that were cloned were of Visa and Rupay.”

February 8, 2018

On the web

U.S. Arrests 13, Charges 36 in ‘Infraud’ Cybercrime Forum Bust

Krebs on Security

“Started in October 2010, Infraud was short for “In Fraud We Trust,” and collectively the forum referred to itself as the “Ministry of Fraudulently [sic] Affairs.” As a mostly English-language fraud forum, Infraud attracted nearly 11,000 members from around the globe who sold, traded and bought everything from stolen identities and credit card accounts to ATM skimmers, botnet hosting and malicious software.”

Payments News

Give us your email address or link to our RSS feed and we’ll push the daily Payments News headlines to you.

Glenbrook Payments Boot camp®

Register for the next Glenbrook Payments Boot Camp®

An intensive and comprehensive overview of the payments industry.

Train your Team

Customized, private Payments Boot Camps tailored to meet your team’s unique needs.

OnDemand Modules

Recorded, one-hour videos covering a broad array of payments concepts.

Glenbrook Press

Comprehensive books that detail the systems and innovations shaping the payments industry.