Attackers don’t sleep. Worse: they cooperate. ATM attacks linked to organized crime groups (OCGs) have become more common in recent years, and their level of sophistication continues to increase. Each of these OCGs specializes in one specific modus operandi, e.g., jackpotting, skimming or explosive attacks, with experts in building fraudulent devices and handling other sub-tasks. They don’t care much about borders and constantly adapt their tactics, techniques, and procedures.
A few years ago, Krebs on Security¹ reported on incidents in Texas. The state was hit by a wave of well-organized hook & chain attacks, all following the same playbook. These attacks then spread to other states as well. Meanwhile, Germany has become a prime target for explosive attacks on ATMs, and again all clues point towards highly organized groups with a division of roles and training centers, as reported by the Federal Criminal Police Office (Bundeskriminalamt)². At the same time, the United States is being hit by a wave of jackpotting attacks, also performed by organized crime groups: every day the US Secret Service receives an average of two fraud alerts about new jackpotting attacks³.
Unfortunately, the good guys are often more fragmented. Let’s stay in Germany for this example: the country is made up of 16 states, each with its own decentralized police force. Combine this with a banking system that is made up of nearly 1,500 independent financial institutions (FIs). This structure made the rollout of a swift national response and the improvement of ATM security standards difficult – but not impossible: in an encouraging example, close cooperation among police, banks, insurers and ATM manufacturers succeeded in reducing the number of explosive attacks compared to the peak in 2022. Nevertheless, Germany remains the main target of this type of attack.
Despite this positive example, cooperation becomes increasingly difficult when the OCGs are active in different countries.
However, that is exactly what we must do: to combat the fast-paced development of new attacks and the high level of organization on the side of the attackers, we must also organize, we must connect. Trustful and intense collaboration and close communication are key.
Every FI’s CISO/CSO should get involved in these discussions about the security of the self-service channel, as this topic needs to be handled not just on the operational but also on the strategic level. But what does that mean concretely?
- Join local and global security associations like NCFTA³ or EAST⁴ to stay up to date on the threat landscape and attack patterns, especially those that might become a threat to your network.
- If the worst happens, share threat intelligence with your solution provider so they can do a full analysis and, building on that, develop new updates and countermeasures. Even if you are not sure an attack has taken place, inform your solution provider, as they may already have received information on similar incidents.
- Check if your solution provider has their own communication channels on security. At Diebold Nixdorf our Product & Solution Security Team (PSS) manages all incidents and monitors vulnerabilities globally. Awareness of local priorities and global trends will improve risk management of your fleet.
- The Rapid Response Team, part of the Product & Solutions Security Team, handles the evaluation and management of attacks. But they also work to raise awareness and prepare FIs for future incidents by sharing recommendations and new security concepts.
- To facilitate communication and information sharing among financial industry peers, the PSS team has also developed the Global Security Platform (GSP). It provides anonymous information concerning security incidents or fraud events, as well as security alerts in case of an attack.
Trustful cooperation and information sharing are key to improving your ATM fleet’s security as well as security in the financial services industry overall. However, there are many more steps you need to take to make your self-service channel as secure as possible:
Read our guide on the 7 shields to protect the self-service channel to learn about other measures to consider.
Sources:
1 https://krebsonsecurity.com/2021/07/spike-in-chain-gang-destructive-attacks-on-atms/
2 https://www.eurojust.europa.eu/news/crackdown-criminal-network-robbed-atms-germany
3 https://www.ncfta.net/
4 https://www.association-secure-transactions.eu/