Menu
Use of Windows XP makes European ATMs vulnerable to malware attacks

Use of Windows XP makes European ATMs vulnerable to malware attacks

While malware is a concern, skimming is still the main problem in Western Europe ATM fraud

For the first time, a country in Western Europe has reported that malware attacks were used by hackers to steal €1.23 million (US$1.32 million) from ATMs. One major problem is the continued use of Windows XP in ATMs, making them more vulnerable to attacks, a report on ATM fraud said.

The report does not specify which country reported the malware attacks, said Lachlan Gunn, executive director the European ATM Security Team (EAST), an organization that aims to provide an oversight of trends in ATM fraud.

However, it is the first time these attacks were reported in Western Europe. Malware attacks on ATMs have been used for some time in other parts of the world, including Eastern Europe, the Asia Pacific region and Latin America, Gunn said.

The statistics in EAST's report were provided by 21 European states, including France, Germany, Italy, the U.K., Spain, Romania and the Netherlands.

The country targeted with malware attacks reported 51 incidents involving malware in 2014. In those cases, criminals used so-called cash out or jackpotting attacks, in which malware is used to take control of the ATM cash dispense function, allowing the criminals to take out cash. Gunn expects more Western European countries will report malware attacks in 2015.

"As a significant number of Europe's ATMs continue to use the Windows XP operating system, there are concerns that many remain vulnerable to ATM malware if the necessary preventative measures are not taken," EAST said in the report.

Microsoft ended support for Windows XP in April last year. Despite ATM vendors like Wincor-Nixdorf warning that the operating system exposes ATM operators to significantly higher security and legal risks, migrations to new systems are going slowly.

Vendors, together with EAST and European police forces, are working on guidelines on how to protect their ATM systems against these malware attacks, Gunn said.

Malware, though emerging in Western Europe, is not the main headache for ATM operators, the report showed. While the total number of ATM-related fraud incidents fell 26 percent compared to 2013, the related losses rose from €248 million to €280 million, the highest amount of money lost due to fraud in the last five years, according to EAST figures.

That rise was mainly driven by international skimming losses, which rose from €201 million to €238 million, even though the number of skimming incidents was down 3 percent from 2013, with 5,631 incidents reported. Skimmers capture card details and the PIN number at the ATM and use them to produce counterfeit cards for fraudulent cash withdrawals, often in countries outside of Europe.

The rise in international skimming losses was not seen in European countries where regional card blocking, often known as geo-blocking, has been widely implemented, Gunn said. Geo-blocking significantly reduces the risk of successful compromise, he said.

In 2014, a total of 15,702 ATM-related fraud attacks were reported in Europe. The fall in the total number of attacks was driven by a 95 percent reduction in transaction reversal fraud, a technique that involves creating an error condition at the ATM, making it appear that cash will not be dispensed and forcing a repayment of the amount withdrawn back to the account.

There was also a 31 percent decline of cash trapping attacks, in which the criminal attaches a device to the ATM that traps any cash the machine tries to dispense, allowing the criminal to return to the ATM later to retrieve the cash.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securitymalwarefraudEuropean ATM Security Team

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments