The survey added that “explosive attacks (gas, solid ,and other) were identified as the second most common type of physical attack by 26.77 percent of respondents, which surpassed manual physical attacks using non-powered hand tools at 25.35 percent.” Russell said that these kinds of attacks are most often seen in Europe, South Africa, and South America.
“In Europe, an explosive gas mixture is often used, while elsewhere solid explosives such as the type used in the mining industry are used. Often the cash is destroyed, but on occasion they are successful. Collateral damage can be significant, particularly if perpetrated by amateurs,” Russell said.
Making it rain
The survey also asked respondents to estimate how much they lost at the hands of each type of attack. With skimming, respondents estimated that they lost $650 per card and $5,000 to $100,000 per incident. With malware- and black-box-based attacks, respondents said they lost an average of $104,000 per incident.
Physical attacks were responsible for $200,000 to $2,000,000 of loss per year, with an average of $41,400 per incident, including collateral damage, the respondents said. Card trapping, on the other hand, can net a criminal an average of $300 per card and cost an ATM operator up to $150,000 per year.
Luckily, respondents feel that the continued global transition to chip-based cards is having a positive effect on reducing credit card fraud. “58.7 percent of respondents said the cost of EMV fraud prevention has been worth it,” ATMIA wrote. (That’s significant for retailers in the US, who have been reluctant to introduce the friction of adopting a new technology into their business.)
“The second piece of good news is that the number one ATM crime for several years, skimming, finally seems to have peaked and is perceived to be decreasing for the first time ever,” the survey report continues. “This is, of course, due in part to EMV migration. It is also testimony to the effectiveness of the industry’s most popular antiskimming solutions. Nevertheless, this form of attack is still the highest ranked threat in our industry (but only just), and there are no grounds for complacency.”
Finally, the survey asked respondents where they would like to see increased security research. Data encryption and card number encryption made the list, as did biometric identification technology and Near Field Communications transactions (NFC-enabled ATMs could transmit card information to the ATM with a tap of a phone or a card). And, winning the generalist award, one respondent simply replied that they would like to see more research in “cyber.”