Overview

Despite criminal innovations, the simplest way to illegally withdraw cash from a bank is to exploit the weaknesses inherent in the business and operation of automated teller machines (ATMs). Whether criminals are organized internationally or domestically, the accessibility of mass-produced plastic cards, the limited number of ATM vendors, and a patchwork of fixes that safeguard devices in a piecemeal fashion have created the opportunity for prolific crimes. 

Crimes at cash machines should be expected given the trillions of dollars dispensed from ATMs each year. A single cassette can carry as much as one million dollars in cash — amounts unseen in brick-and-mortar, retail branches. 

This report will break down into two categories the risks that ATMs face: logical attacks that focus on the weaknesses embedded within the device’s software and operating systems, and physical ones that involve crooks breaking locks to cash dispensers. 

Key questions discussed in this report:

  • How great a role will ATM investments play in the business plans of financial institutions (FIs)? 
  • What is the state of the ATM threat landscape? 
  • What solutions best combat those threats? 
  • What obstacles exist to implementing those solutions? 

Companies Mentioned: Apple, Bank of America, Co-Op Financial Services, FIS, Google, JPMorgan Chase, Wells Fargo 



Methodology

Javelin conducted a series of interviews involving industry and vendor executives, attorneys and other relevant stakeholders to gain an understanding of the topic. Interviewees represented a variety of organizations. 

Data in this report is based on information collected in a random-sample panel of 800 information technology security decision-makers, 200 of whom work in financial services. For questions answered by all 800 survey respondents, the maximum margin of sampling error is ±3.46 percentage points at the 95% confidence level. For questions answered by all 200 financial services respondents, the maximum margin of sampling error is ±6.93 percentage points at the 95% confidence level. The maximum margin of sampling error is higher for questions answered by segments of respondents.