Banking Blog

Finance Blogs » Banking » Banks warned about ATM attacks

Banks warned about ATM attacks

By Allison Ross · Bankrate.com
Wednesday, April 9, 2014
Posted: 11 am ET

U.S. regulators are warning banks to be on the lookout for a new cybersecurity threat to ATMs that allows thieves to make unlimited withdrawals.

The Federal Financial Institutions Examination Council on Thursday issued a notice saying a scam that's been dubbed by the Secret Service as "Unlimited Operations" has figured out a way to get around the caps set on ATMs.

The attacks are against ATM web-based control panels used by small and midsized banks, the agency says. Those control panels manage several things, including fraud alert settings and the amount of money that customers may withdraw from the ATM within a set time frame. Then, the attackers quickly withdraw large amounts of cash from the ATMs, often striking on weekends because ATMs tend to have more money on the weekends.

The agency's statement said one such attack was able to net more than $40 million, using just 12 debit card accounts.

If your account is one that is compromised, federal laws and regulations ensure that you'll get your money back. However, sometimes that takes time, and almost certainly is an inconvenience if your account is the one breached.

This latest alarm comes as banks across the country deal with Microsoft's April 8 cutoff of tech support for its Windows XP operating system, potentially leaving ATM systems more vulnerable to attacks.

Cybersecurity is becoming an increasingly big topic of discussion in the financial world, particularly since the massive Target data breach at the end of last year.

Not sick of hearing about security threats yet? Check out Bankrate's slideshow of 11 major data breaches that have stung U.S. consumers.

In other weird ATM news, police in Maine are investigating after an ATM in south Portland dispensed $37,000 in cash to a man who requested $140, according to a story from The Associated Press. The money was returned to the bank, and the bank is referring to the issue as a "code error," but police are still investigating.

And follow me on Twitter: @allisonsross.

«
»
Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
11 Comments
Alisa Williams
April 11, 2014 at 7:07 pm

OMG!Scary. Privacy no longer exist. It is a shame how people feel they have the right to people money. I truly don't understand why someone would do such a thing. I hope this issue is resolved sooner than later.

joe
April 11, 2014 at 3:20 pm

Oh well.... here's another reason to use US Government disposable debit cards.

ed
April 11, 2014 at 2:39 pm

Peoples sux!

Emeka Emeruem
April 11, 2014 at 10:55 am

There will always be scammers. The best that can be done is to make scamming more difficult for them by being technologically proactive, thereby reducing scamming to the barest minimum. Organizations that have people’s data floating online should do more to protect the trust committed to them and make Cybersecurity top on their list of priorities. Some of them are doing well in that respect but there is always room to do more.

The recent Target data breach was an unfortunate scenario. It is becoming increasingly necessary to adopt a concerted approach in tackling the alarming Cybersecurity threat. Is there a security forum where these organizations and the technology companies meet to discuss Cybersecurity of their data base? You can see the importance of working in conjunction with the information technology companies. Because Microsoft no longer provides tech support for its Windows XP operating system, most users of this operating system are now vulnerable to attacks.

Ryne
April 11, 2014 at 7:55 am

Oh no, an alert about how people will live without tech support for a nearly 13 year old operating system. Really? Using an operating system from 2001 is asking for trouble anyways. Not saying you have to update every time the latest greatest thing comes out because that's asking for trouble too, but at least keep it reasonable.

Terri Cermignano
April 11, 2014 at 3:09 am

Hi Ann, I

geneo
April 09, 2014 at 8:06 pm

ARE FEDERAL CREDIT UNION ATM'S VULNERABLE TO THIS CYPER ATTACKS
IT SEEMS THEY TOO ARE IN THE SAME PROBLEM WITH DIRECT DEBIT ACCOUNTS AND DEPOSITS.
THANK YOU

ROBERT LEISTER
April 09, 2014 at 5:48 pm

I PROGRAMMED THE FIRST ATMS IN MARYLAND, 1971. WE HAD A PROGRAMMER WRITE CODE SO HE COULD TAKE OUT $10,000.00. HE DID AND LEFT TOWN. THE PROBLEM IS "PEOPLE". THEY WILL ALWAYS BE SMARTER THAN THE COMPUTERS BECAUSE THEY BUILD THEM AND THEY PROGRAM THEM.
OUR BIGGEST PROBLEM NOW IS THE PEOPLE STEALING OTHER PEOPLE'S NUMBERS AND THE BANKS PAY FOR IT. OUR NUMBERS ARE ALL OVER THE INTERNET, FLOATING AROUND SO SOMEONE CAN GRAB THEM.THERE HAS TO BE MORE LEVELS OF INPUT TO BUY SOMETHING NOT JUST A NUMBER, SOMETHING PERSONAL.
BOB FROM BALTIMORE

Ann D’Antonnio
April 09, 2014 at 5:38 pm

Is there a list available of the most vulnerable small/mid-sized banks in the Philadelphia, PA area?

Thank you.

Add a comment

(Comments may take 5-10 minutes to appear)