Menu
Use of Windows XP makes European ATMs vulnerable to malware attacks

Use of Windows XP makes European ATMs vulnerable to malware attacks

While malware is a concern, skimming is still the main problem in Western Europe ATM fraud

For the first time, a country in Western Europe has reported that malware attacks were used by hackers to steal €1.23 million (US$1.32 million) from ATMs. One major problem is the continued use of Windows XP in ATMs, making them more vulnerable to attacks, a report on ATM fraud said.

The report does not specify which country reported the malware attacks, said Lachlan Gunn, executive director the European ATM Security Team (EAST), an organization that aims to provide an oversight of trends in ATM fraud.

However, it is the first time these attacks were reported in Western Europe. Malware attacks on ATMs have been used for some time in other parts of the world, including Eastern Europe, the Asia Pacific region and Latin America, Gunn said.

The statistics in EAST's report were provided by 21 European states, including France, Germany, Italy, the U.K., Spain, Romania and the Netherlands.

The country targeted with malware attacks reported 51 incidents involving malware in 2014. In those cases, criminals used so-called cash out or jackpotting attacks, in which malware is used to take control of the ATM cash dispense function, allowing the criminals to take out cash. Gunn expects more Western European countries will report malware attacks in 2015.

"As a significant number of Europe's ATMs continue to use the Windows XP operating system, there are concerns that many remain vulnerable to ATM malware if the necessary preventative measures are not taken," EAST said in the report.

Microsoft ended support for Windows XP in April last year. Despite ATM vendors like Wincor-Nixdorf warning that the operating system exposes ATM operators to significantly higher security and legal risks, migrations to new systems are going slowly.

Vendors, together with EAST and European police forces, are working on guidelines on how to protect their ATM systems against these malware attacks, Gunn said.

Malware, though emerging in Western Europe, is not the main headache for ATM operators, the report showed. While the total number of ATM-related fraud incidents fell 26 percent compared to 2013, the related losses rose from €248 million to €280 million, the highest amount of money lost due to fraud in the last five years, according to EAST figures.

That rise was mainly driven by international skimming losses, which rose from €201 million to €238 million, even though the number of skimming incidents was down 3 percent from 2013, with 5,631 incidents reported. Skimmers capture card details and the PIN number at the ATM and use them to produce counterfeit cards for fraudulent cash withdrawals, often in countries outside of Europe.

The rise in international skimming losses was not seen in European countries where regional card blocking, often known as geo-blocking, has been widely implemented, Gunn said. Geo-blocking significantly reduces the risk of successful compromise, he said.

In 2014, a total of 15,702 ATM-related fraud attacks were reported in Europe. The fall in the total number of attacks was driven by a 95 percent reduction in transaction reversal fraud, a technique that involves creating an error condition at the ATM, making it appear that cash will not be dispensed and forcing a repayment of the amount withdrawn back to the account.

There was also a 31 percent decline of cash trapping attacks, in which the criminal attaches a device to the ATM that traps any cash the machine tries to dispense, allowing the criminal to return to the ATM later to retrieve the cash.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securitymalwarefraudEuropean ATM Security Team

Featured

Slideshows

Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Top 15 Kiwi tech storylines to follow in 2017

Top 15 Kiwi tech storylines to follow in 2017

​The New Year brings the usual new round of humdrum technology predictions, glaringly general, unashamedly safe and perpetually predictable. But while the industry no longer sees value in “cloud is now the norm” type projections, value can be found in following developments of the year previous, analysing behaviours and patterns to formulate a plan for the 12 months ahead. Consequently, here’s the top Kiwi tech storylines to follow in 2017...

Top 15 Kiwi tech storylines to follow in 2017
Show Comments