The US National ATM Council is warning cash machine operators of an emerging scam in which criminals re-programme the terminal to dispense notes even when a transaction is denied.
The scam, which has hit ATMs in California, is accomplished by criminals' opening the upper ATM housing and installing a "rigged" device that alters the transaction response message coming back from the card issuer to the terminal. This effectively turns a "denial" into an "approval" message - thereby tricking the terminal into dispensing the cash.
"This scam appears to be taking advantage of an unencrypted communications link vulnerability somewhere between the wireless modem and the ATM terminal," says NAC. "To protect against this scam, sources are advising operators to program their ATMs to implement SSL encryption whether the terminal is using a hard-wired or wireless data connection as its communications modality."
Operators are also advised to check their upper housings for signs of tampering and to make sure they are not using standard default lock and key settings.
States the NAC: "Although this scam has been reported thus far as only occurring in California, we know how trends such as this can and do spread across the nation...and so, vigilance is in order."