“Based on information ZDNet received from a Santander spokesperson, sources in the threat intelligence community, and details released by police departments in the affected towns, criminal gangs appear to have found a bug in the software of Santander ATMs. The bug allowed members of criminal groups to use fake debit cards or valid preloaded debit cards to withdraw more funds from ATMs than the cards were storing.”

“Payments executives are starting to go public with concerns about a growing type of ATM fraud call the cash-out attack. Unlike the well-known, single-machine attack known as jackpotting , cash-out frauds allow criminals to gain access to multiple machines simultaneously at the network level. They then employ accomplices to visit these machines to draw out the cash. “Once they gain control of the bank’s system, they need to monetize that access. Therein lies the ATM cash-out,” says Tia Ilori, senior director for fraud and breach investigations at Visa Inc. Ilori says Visa has detected cash-out attacks—some successful, some thwarted—at 97 financial institutions in the past year. Visa will not disclose how much has been stolen in these attacks.”

“EAST has just published a European Payment Terminal Crime Report covering 2018 which reports that ATM physical attacks have risen for the fourth consecutive year. ATM related physical attacks rose 27% when compared with 2017 (up from 3,584 to 4,549 incidents).  Within this total ATM explosive attacks (including explosive gas and solid explosive attacks) were down 3% (down from 1,081 to 1,052 incidents).  Explosive attacks remain a cause for concern as the number of countries reporting them has risen from ten in 2017 to eleven in 2018.  Such attacks result in extensive collateral damage and can pose a risk to life.”

“A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones. But this also creates an avenue of fraud for bad guys, who can leverage phished or stolen account credentials to add a new phone number to the customer’s account and then use that added device to siphon cash from hijacked accounts at cardless ATMs.”

“The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM.”

“Hackers managed to transfer over ₹ 94 crore through a malware attack on the server of Pune-based Cosmos Bank and cloning thousands of the bank’s debit cards over a period of two days, a senior bank official said. The fraudulent transactions were carried out on 11 August and 13 August through 25 ATMs located in Canada, Hong Kong and a few in India. The Cosmos bank debit cards that were cloned were of Visa and Rupay.”