Content area
Full Text
Abstract-Automated Teller Machines(ATM) have gained popularity in the banking sector due to the number of advantages they offer to ATM users. ATM users are able to withdraw cash, make cash deposits, make balance enquires and pay bills without having to go into the branch and experience the undesirable long ques. ATMs have however brought with them cyber-crime in which ATM users and banks lose huge amounts of money. ATM crime has continued to grow and spread globally despite the regional variation of the frequency of the crime. Commercial banks and IT security professionals around the world have concentrated on fighting traditional ATM crimes like ATM card Skimming. However, new ATM crimes like Jackpotting and Shimming attacks have emerged. These logical attacks have continued to grow in the recent years. In this case study we used a risk management framework to determine traditional and emerging ATM crimes, and made recommendations on measures ATM owners can put in place to mitigate both the traditional threats and the emerging threats. ATM software whitelisting was recommended to help fight logical and new crimes like Jackpotting which can't be mitigated using traditional ATM security measures like Payment Card Industry Data Security Standard (PCI DSS).
Keywords-component; Automated Teller Machine, ATM Fraud, Jackpotting, Shimming, Skimming
I. Introduction
Automated Teller Machine (ATM) fraud has become a global issue that faces not only customers, but also bank operators and has been on the rise in the recent years [1]. Fraud techniques used by cyber-criminals have become more advanced and managing the risk associated with ATM fraud as well as diminishing its impact is an important issue that face financial institutions around the globe. Cyber-criminals are moving away from the traditional ATM card skimming attacks to new attacks such as ATM Jackpotting and ATM card Shimming. With the coming of the new ATM attacks, ATM owners have a task of ensuring that they are cyber ready for these new threats.
In 2013, several commercial banks in Zambia were robbed of more than US$4 million, through a sophisticated cyber-crime syndicate by foreigners who connived with Zambians [2]. The cyber-criminals used ATM card skimming techniques to copy customer's data from magnetic stripe ATM cards. They used the data to reproduce the ATM cards that they used...