Banking Blog

Finance Blogs » Banking Blog » ATM security threat: 14-year-olds?

ATM security threat: 14-year-olds?

By Allison Ross ·
Tuesday, June 17, 2014
Posted: 6 am ET

The Bank of Montreal got a surprise security breach earlier this week in the form of two 14-year-old kids.

The Canadian ninth graders found an old ATM manual online and decided to use their lunch break at school to see if they could hack into an ATM, according to a story in the Winnipeg Sun.

Short answer: yes.

© sanjagrujic/

The teens apparently were able to get into operator mode and easily guess the password. They showed branch employees, even changing the greeting on the ATM to "Go away. This ATM has been hacked," according to the Sun.

The bank has said it is working on security upgrades in light of the hack.

Hacking ATMs

Banks and other ATM owners have to be on the constant lookout for those trying to hack their money machines.

For instance, in April, the Federal Financial Institutions Examination Council issued a notice warning about the "Unlimited Operations" scam where hackers get around caps set on ATMs.

The agency's statement said one such attack was able to net more than $40 million, using just 12 debit-card accounts.

Other security threats more concerning

But hacking attacks are often not the biggest concern facing ATM operators, says David Tente, executive director of the ATM Industry Association.

Indeed, a recent survey of ATMIA members showed that skimming attacks and "ram raids" -- where an ATM is ripped out of the wall so thieves can get to the cash -- were considered higher security threats than cybersecurity attacks.

Tente says hacking an ATM "is not an easy kind of fraud," which is why other forms of stealing money are more common. The ATMIA survey found that both burglaries of customers at ATMs and "gas and explosive attacks" were just about as worrisome as cyberattacks.

Tente says there's actually been an increase in gas and explosive attacks of ATMs in the past year. He also says that "cash trapping" -- where a fraudster uses a device to make cash get stuck inside the device in the ATM and then the fraudster later removes the device and the cash -- continues to be an issue.

"They get creative," he says of fraudsters and thieves. "The fraudsters are always trying to stay a step ahead. There's lots of ways they do things."

Updating systems

Still, Tente says operators need to make sure ATM security is kept up to date and that includes the struggle to update ATMs' operating systems from Windows XP.

Meanwhile, Tente says ATMs will soon have to upgrade to be able to handle EMV (Europay, MasterCard and Visa) cards, but he suspects the ATM industry has a little breathing room before it has to start tackling that in earnest.

For more

Stay with Bankrate for more on the EMV card migration, and ATM security.

Follow me on twitter: @allisonsross.

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
Tim Russell
June 30, 2014 at 8:35 am

I hope the bank gave them a reward. They could easily have used this to steal but instead they did the right thing.

June 24, 2014 at 10:36 am

another problem being-criminals who have been successful in theft of a person's debit card info- and have racked up charges- are not even pursued if the charges are under a certain dollar amount (I think $5,000) I am sure the criminals are aware of this.. what's to stop them from continuing?