Blockchain's Role in Reinventing ATM Security: A Game-Changer in Banking

 


Blockchain technology allows for the creation of a data structure that is intrinsically secure. A cryptocurrency is based on the principles of cryptography, decentralization, and consensus, a mechanism that ensures that transactions can be trusted.

In the most popular blockchain or distributed ledger technologies (DLT), data is organized into a series of blocks, and each block contains a transaction or bundle of transactions. Every new block is cryptographically connected to all those before it, so that no block can be tampered with afterwards.

A consensus mechanism is used to verify and agree upon the validity of all transactions within a block. The use of technology is a crucial part of keeping our money safe and secure in the world of modern banking.

There are many breakthrough technologies in the world today, and blockchain is one of them. The Indian market for digital payments is expected to have a market capitalization of an astounding 500 billion by 2020 with its growth on a steady track. 

Several factors, including demonetisation and government efforts to encourage mobile-based transactions across the country, can be attributed to the increase in the use of online payments across the country. The move to a truly digital economy seems to be only a matter of time. With an increasing number of Indians opting for digital cash and more payment methods evolving to support digital transactions, it appears that we are on our way to becoming a fully digital economy. 

It must be said, however, that one of the current challenges with online payments in the country is finding a way to standardize the structure and functionality of the payment system. Blockchains are similar to big ledgers, storing every transaction as an encrypted record in an encrypted database that can be searched in real time.

With Blockchain technology, users have the option of sending, receiving, and managing their accounts online with no middleman in the case of online transactions. Blockchain technology represents a very promising method of decentralization that allows members of a distributed network to contribute to the network.

An individual user cannot change the record of transactions in a server-based environment, and there is no single point of failure. Despite this, there are some critical differences in the security aspects of blockchain technologies. The Automated Teller Machine (ATM) is an electronic outlet through which financial institutions give their customers the convenience of conducting small transactions without having to interact directly with bank staff.

With ATMs, customers can carry out many of their banking transactions easily by performing self-service transactions such as depositing cash into their accounts, withdrawing cash from them, paying their bills, transferring funds between their accounts, and checking their account balance and latest transactions. 

As with most technological advances, the safety of a newly invented technology may be its largest challenge. More importantly, since ATMs are primarily used for cash exchange, hackers and robbers are constantly looking for ways to exploit them to gain access to cash.

ATMs are typically connected to the bank's servers via leased lines, which provide high-speed connectivity. An ATM manufacturer (National Cash Register, or NCR) is typically contracted by the bank to provide the hardware and software required to establish an ATM.

The bank usually purchases the ATM from an ATM manufacturer, usually NCR (National Cash Register). It has become very common for banks to outsource ATM maintenance, including cash loading, to third-party service providers.

To enable the ATM software to connect with the interbank network and dispense cash accordingly, ATMs are equipped with a switch, also known as a payment transfer engine, which enables the ATM to transfer money between accounts. Physical and logical attacks are the two most common types of attacks on ATMs.

Physical attacks are nowadays an outdated practice because of the risks involved, which include financial hazards as well as hazards to life, property and health. Physical attacks on ATMs take various forms, including the use of explosives and the many methods of forcefully removing the machine from its original location.

With advancements in scalability, privacy, and regulatory compliance, the future outlook for blockchain-based ATM security looks quite promising. This is expected to lead to a broader adoption of the technology in the future. 

Due to the evolution of quantum-resistant cryptography and the introduction of various interoperability features, blockchain technology is poised to offer unparalleled protection, helping to prove the robustness and safety of the financial industry as a whole. 

Considering these significant innovations, it becomes more and more imperative that the financial industry implements blockchain technology to keep up with these advances. Through the integration of blockchain technology into ATM security, overall financial services, and the user experience, ATMs can be made more secure and enhanced with greater efficiency and transparency. 

Financial institutions can stand out from the competition by integrating blockchain technology, contributing to a more secure, more transparent and more efficient system and to a trust-driven future in banking and beyond.

Protecting Yourself from ATM Scams: Understanding and Preventing Shoulder Surfing

Shoulder Surfing

What is Shoulder Surfing?

ATM card scams are a growing concern in many countries, including India. Criminals use a variety of techniques to gain unauthorized access to individuals’ ATM cards and withdraw money from their accounts. One such technique is shoulder surfing, where scammers attempt to steal sensitive information such as ATM PINs, CVV numbers, and other details.

Shoulder surfing is a sneaky method of stealing information by looking over someone's shoulder without their knowledge. It's commonly done when people are using ATMs or their phones for transactions. In shoulder surfing, thieves position themselves next to someone and observe their actions.

How Is Shoulder Surfing Carried Out?

As the name suggests, these thieves typically peek over the shoulder of an unsuspecting individual at an ATM or while they are occupied with their phone, in order to obtain sensitive information. They attempt to view personal details such as passwords and PIN numbers, which they later exploit for their own financial gain.

Shoulder surfing is often carried out in crowded places where it is easy for thieves to blend in and position themselves beside a person who is filling out a form, entering a PIN at an ATM, or using a calling card at a public pay phone. Additionally, shoulder surfing can also be conducted using technology like binoculars or other devices to enhance the thief's ability to gather information from a distance.

Tips to Protect Yourself from Shoulder Surfing

To protect yourself from shoulder surfing, it is important to be aware of your surroundings and take preventive measures. Make a habit of concealing your screen and obstructing the view of the screen and keyboard from potential onlookers. Using your hand or body to shield the screen and keypad while entering your PIN at an ATM can add an extra layer of security. Additionally, consider using a privacy screen or cover for your phone or tablet when entering sensitive information in public.

Here are some additional tips to protect yourself from shoulder surfing:

  • Never accept help from strangers at the ATM.
  • Be alert to your surroundings and watch out for anyone suspicious who might be trying to see your screen.
  • Use strong and unique passwords for all your accounts.
  • Regularly monitor your bank statements for any unauthorized transactions.

Shoulder surfing is just one of the many techniques used by scammers to steal sensitive information from unsuspecting users for financial gain. By being aware of your surroundings, taking simple precautions, and regularly monitoring your accounts, you can protect yourself from this type of scam.

Diebold Nixdorf ATM Bugs Allowed Attackers to Alter Firmware & Steal Cash

 

Security researchers at Positive Technologies have disclosed information on several vulnerabilities in Diebold Nixdorf ATMs that could have permitted an intruder to change the system's firmware and take cash. 

The vulnerabilities, known as CVE-2018-9099 and CVE-2018-9100, were discovered in the Wincor Cineo ATMs' CMD-V5 and RM3/CRS dispensers – one in each device – and were patched a few years ago. In 2016, Diebold acquired Wincor Nixdorf, and the two firms eventually merged. 

During research approved by the vendor, Positive Technologies found that, while the ATMs had a range of security mechanisms in place to combat blackbox attacks, such as end-to-end encrypted communication with the cash dispenser, it was actually easy to get past them.

The researchers worked out the command encryption used between the ATM computer and the cash dispenser, bypassed it, swapped the ATM firmware with an older version, and abused the flaws to direct the device to dispense cash.

While encryption is used to protect against blackbox attacks, the researchers observed that an attacker might steal the encryption keys and then spoof their own firmware to load on the compromised ATM. In the code responsible for verifying the firmware signature, and in the firmware itself, the researchers were able to identify the elements involved in the check, in particular the public key and the signed data.

Positive Technologies explained, “As a signature verification algorithm, RSA was used with an exponent equal to 7, and the bit count of the key was determined by the size of the public part N. It turned out that if you fitted into the offsets at which the signature and public key were written, you could set almost any length.” 

Before withdrawing money from the ATM, an attacker needs to find a way to send commands to the dispenser and to determine the amount of money in each cassette. Diebold Nixdorf, which published fixes for these vulnerabilities in 2019, recommends enabling physical authentication when an operator installs firmware, to further prevent unauthorised access. The firm warned earlier this year that jackpotting attacks against RM3-based Cineo systems in Europe were on the rise.
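A hardened acceptance check for the two weaknesses described above (key material and lengths read from offsets in the firmware image, and an older firmware being accepted), as an added example that is not Diebold Nixdorf's or Positive Technologies' code. The image layout, the toy key, the simplified padding and the names `sign_image`, `verify_image` and `min_version` are assumptions made for illustration.

```python
import hashlib
import struct

E = 7                                   # public exponent quoted in the article
# Constructed toy key (two Mersenne primes); far too weak for real use.
P, Q = 2**521 - 1, 2**107 - 1
PINNED_N = P * Q                        # modulus fixed in the verifier, never read from the image
K = (PINNED_N.bit_length() + 7) // 8    # key and signature length in bytes, also fixed

def encode(version, payload, k=K):
    """Full-width padded digest (simplified); the version is covered by the signature."""
    digest = hashlib.sha256(struct.pack(">I", version) + payload).digest()
    return b"\x00\x01" + b"\xff" * (k - 3 - len(digest)) + b"\x00" + digest

def sign_image(version, payload, p=P, q=Q):
    """Vendor-side helper, used here only to build constructed test images."""
    n = p * q
    k = (n.bit_length() + 7) // 8
    d = pow(E, -1, (p - 1) * (q - 1))
    sig = pow(int.from_bytes(encode(version, payload, k), "big"), d, n)
    return (struct.pack(">IH", version, k) + n.to_bytes(k, "big")
            + struct.pack(">H", k) + sig.to_bytes(k, "big") + payload)

def verify_image(image, min_version):
    """Return 'accept' or a rejection reason for a firmware image."""
    try:
        version, nlen = struct.unpack_from(">IH", image, 0)
        n_bytes = image[6:6 + nlen]
        (slen,) = struct.unpack_from(">H", image, 6 + nlen)
    except struct.error:
        return "reject: truncated"
    sig = image[8 + nlen:8 + nlen + slen]
    payload = image[8 + nlen + slen:]
    # Key and lengths come from the verifier, not from offsets in the image.
    if nlen != K or int.from_bytes(n_bytes, "big") != PINNED_N:
        return "reject: key not pinned"
    if slen != K or len(sig) != K:
        return "reject: signature length"
    s = int.from_bytes(sig, "big")
    expected = encode(version, payload)
    # Compare the whole recovered block, not just the trailing digest.
    if s >= PINNED_N or pow(s, E, PINNED_N).to_bytes(K, "big") != expected:
        return "reject: bad signature"
    # Validly signed but older than what is installed: refuse the downgrade.
    if version < min_version:
        return "reject: rollback"
    return "accept"
```

In a real device `min_version` would have to be stored where a firmware update cannot lower it.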

Hiding ATM Pad Gives Less Protection Against Attackers: States Research

 

While using a credit card or cash card for money withdrawal from an ATM, users must provide their unique PIN. A careful individual might conceal the keypad with their hand as they input it so that nobody else learns their PIN, although even if they hide the keypad with their hand, it is possible to predict the PIN with good accuracy using a machine learning technique. 

Recent research indicates that it is feasible to train a special-purpose deep-learning system to predict 4-digit card PINs 41% of the time, even when the victim is shielding the keypad with their hands. The attack requires building a copy of the target ATM, since training the algorithm for the exact size and key spacing of the various PIN pads is critical.

Using footage of individuals entering PINs on the ATM pad, the machine-learning model is then trained to detect pad presses and assign specific probabilities to a set of possibilities. For the research, the researchers collected 5,800 recordings of 58 different people from various demographics entering 4-digit and 5-digit PINs.

The prediction model was run on a Xeon E5-2670 having 128 GB of RAM and three Tesla K20m with 5GB of RAM each. Not any typical system, but probably within a reasonable cost range. 

Using three tries, which is generally the maximum number of attempts allowed before the card is blocked, the researchers reconstructed the correct sequence 30 percent of the time for 5-digit PINs and 41 percent of the time for 4-digit PINs.

The model can exclude keys based on the coverage of the non-typing hand and infer pressed digits from other hand motions by calculating the topological distance between two keys.

The positioning of the camera that captures the attempts is critical, particularly when filming left- or right-handed people. The attacker concluded that concealing a pinhole camera at the top of the ATM was the best choice. However, if the camera can capture audio as well, the model might use the key-press sound feedback, which is slightly different for every digit, making the estimates much more precise.

This experiment demonstrates that concealing the PIN keypad with the other hand is insufficient to guard against deep learning-based attacks, but there are several alternatives one may use.

For instance, if the bank allows users to select a 5-digit PIN rather than a 4-digit PIN, go with the longer one. It will be more difficult to remember, but it is far more secure against such attacks. Furthermore, a higher proportion of hand coverage considerably reduces prediction accuracy. A coverage ratio of 75% results in an accuracy of 0.55 for each trial, whereas full coverage (100%) results in an accuracy of 0.33.

Another alternative would be to provide customers with a virtual and randomized keypad rather than the conventional mechanical one. This has unavoidable usability problems, but it is a great security precaution.

Cases of Net Banking and ATM Frauds Increase by 50% in New Delhi


Cases involving net banking fraud, ATM hacking, and banking card fraud rose by over 50% to more than 52,000 in 2018, with New Delhi, the banking-scam capital, accounting for approximately 27% of the recorded instances of "theft of money." The Indian Government, however, says the situation is not that bad, as the amount of money stolen in such instances has dropped. Cases of theft related to net banking, ATMs, and transactions have risen by 50%, but the amount of money involved in these cases has fallen by 12%.


The capital, New Delhi, tops the list of cities for ATM fraud with 3,164 registered complaints. The figures for ATM fraud in the public sector are also staggering. State Bank of India, which has more than 58,000 ATMs throughout the country, has been the victim of 1 out of 5 ATM frauds. SBI accounts for 25% of the ATM frauds that happened in 2018-19. Following SBI is IDBI Bank, which is second in the list of ATM frauds. According to IDBI's website, the bank has over 3700 ATMs in the country, and it reports 1800 cases of scam. IDBI accounts for 15% of the ATM heist cases between 2017 and 19.

As of now, the Indian government has not revealed the causes that led to the fraud. The bankers, on the other hand, say that India is falling prey to banking fraud day by day, at a time when the country is working to develop its infrastructure to protect itself. "The country is observing a large entrance of frauds from alien nations as the support system in Europe has been enhanced, causing more trouble for the fraudsters," says a banker.

Another banker says that hidden cameras are being planted over ATM keyboards to spy on PIN codes, and that hackers are deploying various hacking methods, such as viruses, in ATMs to steal all the money. The RBI has announced specific measures to control the situation, but the banks are very slow in responding to the measures suggested.

ATM Hacker Boanta invents "Secure Revolving System(SRS)" to prevent ATM thefts


"The only person who knows how to secure your system is the person who knows how to break - Hacker." BreakTheSec.

A Romanian cybercriminal who is six months into a 5-year sentence for supplying gadgets that conceal ATM skimmers has invented a new device that prevents ATM thefts, Reuters reported.

Valentin Boanta, 33, who was arrested in 2009, said his arrest made him happy because it helped him get rid of his blackhat hacking addiction.

"Crime was like a drug for me. After I was caught, I was happy I escaped from this adrenaline addiction," Reuters quoted Boanta as saying. "So that the other part, in which I started to develop security solutions, started to emerge."

Secure Revolving System (SRS): The SRS device, funded by a technology firm called MB Telecom, can be installed in any existing ATM and prevents the operation of skimming devices.