Banks looking to reinforce their defenses against data theft may want to start with their automated teller machines.
More than half of intrusions in the financial industry in a recent study led by Verizon involved tampering with ATMS, the company said in a report published Oct. 24. Overall, 61% of security threats involved physical tampering, including the installation of skimming and camera devices on ATMs to capture magnetic-stripe data and PINs. Roughly one in four threats involved malware that captures user names and passwords. Another 22% involved hacking.
“Criminals realize it’s easier to come and go as they please, using valid credentials and avoiding attention, than it is to find and exploit other system vulnerabilities,” according to the study, which examined 190 data breaches within the finance and insurance industries since 2010.
The study, by a unit of Verizon that assesses digital security on behalf of businesses, together with the Australian Federal Police, the Dutch National High Tech Crime Unit, the Irish Reporting & Information Security Service, the United Kingdom’s Police Central e-Crime Unit, and the U.S. Secret Service, is one of a series of industry-by-industry reports published by the group.
According to the study, 56% of data breaches compromised ATMs. Another 21% of attacks compromised database servers, while 13% involved web servers.
Overall, 96% of threats to banks originated externally and emanated mostly from professional criminal organizations in Eastern Europe and elsewhere, according to the study. Still, 9% of breaches involved employees of the target company, one of the highest rates of internal breaches among industries the group examined. Insiders were people who typically handled financial transactions, such as bank tellers and loan officers, the study found.