system, attackers bypass the machine’s software entirely by connecting an external device to the cash dispenser unit. This is more difficult for banks to detect, as it leaves minimal digital traces.

4. Combination With Other Financial Crimes

Jackpotting is increasingly being combined with skimming and account-takeover schemes. In a recent case in Arizona’s northern corridor, criminals compromised ATMs to harvest card data while simultaneously deploying malware to empty machines. The convergence of digital and physical crime complicates investigations and heightens losses.

IMPACT ON COMMUNITY BANKS

For community banks in the region, jackpotting presents both financial and reputational risks. Losses from a single event can reach hundreds of thousands of dollars, and the perception of insecurity can undermine customer confidence. Smaller institutions also face disproportionate challenges: Unlike national banks, they may not have in-house cybersecurity teams or the capital to replace vulnerable ATM hardware immediately.

Banks in the region are taking steps to adapt. Recommended countermeasures include:

• Update Regularly: Ensure that the ATM’s operating system, firmware, software and configurations are up to date.
• Upgrade Machines: As necessary, upgrade ATM fleets to newer models with encrypted communications and hardened ports.
• Delay Physical Access: Use anti-jackpotting kits, alarms and barriers to delay attackers.
• Monitor Remotely: Improve remote monitoring to detect unusual cash-out patterns in real time.
• Upgrade Technology: Ensure ATMs are TLS-encrypted and have TR31 PCI-compliant keypads.
• Monitor Anomalous Activity: Implement real-time surveillance, including AI-assisted alerts and transaction anomaly detection.
• Educate Staff: Train personnel to identify impersonators and unauthorized technicians.
• Limit Physical Access: Generic manufacturer keys can lead to stealing, copying or purchasing keys to access multiple ATMs.
• Implement Access Controls: ATM service technician access should require multi-factor authentication where possible.

If you suspect that an ATM is compromised using these jackpotting techniques, take the following steps immediately:

• Before opening the ATM, wear gloves to avoid contaminating any potential DNA evidence and prints.
• Before removing any unauthorized devices from the ATM, photograph all components, the hard drive and any attached devices.
• Report suspicious activity to the U.S. Secret Service field office in Denver by calling (303) 850-2700.

INDEPENDENT REPORT | 15
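
As an added illustration of the "Monitor Remotely" and "Monitor Anomalous Activity" countermeasures listed above (not code from this report or from any ATM vendor), the following Python example flags unusual cash-out patterns per machine. The event feed and its field layout, the 10-minute window, the 2,000 USD ceiling and all function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample feed (not real data): ISO timestamp, ATM id, amount in USD,
# host authorization id ("" = cash reported dispensed with no matching authorization).
EVENTS = [
    ("2024-05-01T02:10:00", "ATM-A", 200, "auth-1001"),
    ("2024-05-01T02:40:00", "ATM-A", 100, "auth-1002"),
    ("2024-05-01T02:00:00", "ATM-B", 800, "auth-2001"),
    ("2024-05-01T02:02:00", "ATM-B", 800, "auth-2002"),
    ("2024-05-01T02:04:00", "ATM-B", 800, ""),
    ("2024-05-01T02:20:00", "ATM-B", 100, "auth-2003"),
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_PER_WINDOW = 2000           # assumed per-ATM cash-out ceiling within the window (USD)


def detect_cashout_anomalies(events, window=WINDOW, limit=MAX_PER_WINDOW):
    """Return (timestamp, atm_id, reason) alerts in chronological order."""
    recent = defaultdict(deque)  # atm_id -> (time, amount) pairs still inside the window
    totals = defaultdict(int)    # atm_id -> running sum of the amounts in `recent`
    alerts = []
    for ts, atm, amount, auth_id in sorted(events):
        now = datetime.fromisoformat(ts)
        # Rule 1: cash left the machine without a host-side authorization record.
        if not auth_id:
            alerts.append((ts, atm, "dispense without host authorization"))
        # Rule 2: sliding-window total per ATM; expire entries older than the window.
        queue = recent[atm]
        queue.append((now, amount))
        totals[atm] += amount
        while now - queue[0][0] > window:
            _, expired = queue.popleft()
            totals[atm] -= expired
        if totals[atm] > limit:
            alerts.append((ts, atm, f"{totals[atm]} USD dispensed in window, limit {limit}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_cashout_anomalies(EVENTS):
        print(alert)
```

In production the thresholds would be tuned per machine from its normal withdrawal volume rather than fixed fleet-wide.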