When it comes to effective risk management, it takes more than just technology. Undermining organized criminal activity demands industry collaboration – along with people and processes to stay one step ahead of the evolving nature of ATM crime.

That’s why NCR believes industry events such as the annual security event in London organized by RBR (Retail Banking Research) and ATMIA provides a productive forum for sharing industry trends and best practice when it comes to addressing security threats.

Key themes from the event were not surprisingly card skimming, physical attacks – particularly a significant increase in explosive attacks – both gas and solid explosives and also the very real threat of cyber, or digital crime.

Card skimming has a long history and still represents the biggest cost to the industry in terms of hard cash losses. Despite the introduction of EMV (with 97 percent of all European ATMs now compliant) the continued existence of the magnetic stripe on cards provides an opportunity for skimming. However, the good news is that though criminals remain persistent and card skimming attacks at the ATM have increased by 3 percent, losses have fallen by 14 percent (EAST).

This is only the European side of the story. Fraud always migrates to the weakest, unprotected areas. A delay in the introduction of EMV technology in the U.S. has left this market exposed, where conservative estimates put card skimming losses at around $1 billion. However, significant moves are now being made towards closing this loop. News that Visa and MasterCard are introducing a liability shift for EMV compliance in the U.S. means that we can hope to see the decline of the magnetic stripe.

Viruses used to be perceived as the main software hazard. However, there is now widespread recognition of the very real threat from digital crime. This is highlighted by ATMIA’s 2011 Global ATM Crime Survey where cyber attacks were ranked third out of all ATM threats. As well as an increase in malware attacks specifically designed to undermine a system and exploit its weaknesses, reported in Verizon’s 2011 Breach Investigations Report, there have also been high profile insider attacks. All this highlights the need for increased data security. And that’s where PCI-DSS comes in.

NCR was delighted to share our speaker opportunity this year with two guests: Axis Xanthopoulos, Marfin Popular Bank Greece and Patrick Moyston, CIBC, Canada.

• Axis Xanthopoulos focused on the criminal lifecycle and the importance of achieving and maintaining PCI-DSS compliance. His message was around the security benefits that compliance achieves – it is more than just a tick in the box! (Marfin Popular Bank in Greece had chose to implement NCR’s multi-vendor APTRA software portfolio including Solidcore Suite for APTRA and Active Directory for APTRA.)
• Patrick Moyston shared his bank’s success in applying analysis and collaboration with law enforcement to detection technology. Turning the raw data, alerts generated at the ATM, into actionable information has significantly reduced the banks cash losses due to fraud and protected their user experience.

As an industry we need to continually innovate against crime. So we also joined forces at the event with Central Saint Martins, London. NCR’s Consumer Experience [Cx] team in Dundee, Scotland, had set a brief with the Design Against Crime Research Centre at Central Saint Martins College of Arts and Design, London and supported them in the ‘Design Against ATM Crime ’ project. The challenge we set was, “Can staff and students at these design institutions find new approaches to generating behaviour change as well as cost-effective solutions to help tackle ATM crime against the card holder?”. Design students at two other significant design schools in different parts of the world were also involved - TU Delft, Netherlands and University of Technology Sydney, Australia. 

Take a look at the whitepaper – the results of this project – on our website. You can make up your own mind as to how successful these concepts are – but hopefully you will find them thought-provoking as you continue to develop branch design and ATM deployment strategies. We believe at NCR that initiatives such as these will help us remain innovative and proactive as an industry in protecting the integrity of the self-service user experience.