Banks actively fight against criminals

According to European ATM Security Team (EAST) data, in 2009, criminal activities related to these devices caused damage amounted to 312 million Euros – which is 36% less than a year earlier. The experts of the Team stated that various ATM security measures actively implemented by banks have contributed to such change.

The situation is much more complicated in the Baltic states. According to Vladas Lapinskas, the Executive Director of the BS/2, despite the increasing number of ATM breaks and credit card data thefts, the number of “successful” crimes declines in relation with the security measures taken by banks.

A number of physical breaks into ATMs and their thefts (taking them out of their place) has increased in the Baltic states. Despite the fact that such type of crimes are relatively “young” in Lithuania (first crimes of such type were recorded in September 2007), today banks are faced with organized crime, which is usually active in more than one country. Moreover, since the very beginning of ATM-related crimes, they have changed significantly.

“Banks have managed to fill the gaps in information security, e.g. to reduce the risk of crimes related to the credit card data, but today criminals more often resort to physical attacks against the self-service facilities, the so-called brute force attack”, said V. Lapinskas.

Dealing with similar attacks is not easy, but one can try to reduce “earnings” of criminals. One of the most appropriate solutions to that is “ink-protection”: a capsule of ink which is build-in into ATM pours out that moment, when a risk of illegal actions arises, and covers money bills with the special composition of indelible ink. Thus, the risk of “getting nothing” significantly increases, because criminals tend to refuse hacking.

However, the “ink-protection” is used by relatively small percentage of banks operating in the territories of the Baltic states. Generally, they use video security measures. However, a standard costly video recording of ATM and its environment does not guarantee the security.

“We have successfully implemented a video surveillance and conflict with clients resolving solution ATMeye.iQ, which provides a 24/7 remote monitoring of internal and external operations and the overall network of devices”, stated the representative of BS/2.

ATMeye.iQ is successfully used by financial structures of European, Asian and African countries. Today, over 30,000 of its versions are installed in 65 countries – which is 1.7% of the world’s protected ATM machines.

According to the expert, Lithuanian banks have moved to chip card management, and solved the problem of the protection of card holders, but IT systems that are responsible for carrying out the transactions (including telecommunication solutions for ATMs) still remain in the risk area. Recently, an increasing number of world-wide criminal cases is being recorded, which are primarily aimed at data theft at the moment when an ATM machine is in contact with the central system. Thus, the criminals from the Baltic, CIS and other states are stealing data from local card holders, and cash the money abroad, e.g. the United States.

Problem Solving – EMV and PCI DSS certificates that meet international standards of information security. Unfortunately, there are few banks and retail businesses today in Lithuania, which completely meet these digital standards of security.

“To anyone who does not want to risk the safety of customers and their own reputation, BS/2 offers consultations regarding compliance with the international EMV and PCI DSS standards”, said V. Lapinskas about one of the Company’s services.

BS/2 also offers a systematic ATM machine network security, operational security preventing illegal actions of personnel that restrict user access to the information, and security system audit.