Blog: Security Cooperation in the Financial Services Industry

Attackers don’t sleep. Worse: They cooperate.

Attacks on ATMs with relation to organized crime groups (OCG) have become more common over the last years and the level of sophistication is continuing to increase. Each of these OCGs is specialized in one specific Modus Operandi e.g., Jackpotting, Skimming or Explosives attacks, with experts on building fraudulent devices and other sub-tasks. They don´t care much about boarders and constantly adapting their tactics, techniques, and procedures.

Not too long ago, Krebs on Security¹ reported about incidents in Texas. The state was hit by a wave of well-organized hook & chain attacks all following the same playbook. These attacks then spread to other states as well. Meanwhile, Germany has become a prime target for explosive attacks on ATMs and again all clues point towards highly organized groups with a division of roles and training centers as was reported by the European Union Agency for Criminal Justice Cooperation².

Unfortunately, the good guys are often more fragmented. Let’s stay in Germany for this example: The country is made up of 16 states, each with their own decentralized police force. Combine this with a banking system that is made up of nearly 1,500 independent financial institutions (FIs). This structure makes the roll out of a swift national response and improvement of ATM security standards difficult. This gets increasingly difficult, if the OCGs are active in different countries.

However, that is exactly what we must do: to combat the fast-paced development of new attacks and the high level of organization on the side of the attackers, we must also organize, we must connect. Trustful and intense collaboration and close communication is the key.

Any FIs’ CISO/CSO should involve themselves in these discussions about the security of the self-service channel as this topic needs to be handled not just on the operational but also on the strategic level. But what does that mean concretely?

Join local and global security associations like NCFTA³ or EAST⁴ to stay up to date on the threat landscape and attack patterns, especially those that might become a threat to your network.
If the worst happens, share threat intelligence with your solution provider so they can do a full analysis and building on that develop new updates and countermeasures. Even if you are not sure an attack has taken place, inform your solution provider as they may have received information on similar incidents already.
Check if your solution provider has their own communication channels on security. At Diebold Nixdorf our Product & Solution Security Team (PSS) manages all incidents and monitors vulnerabilities globally. Awareness of local priorities and global trends will improve risk management of your fleet.
Two Rapid Response Teams – one part of the Product & Solutions Security Team – handle the evaluation and management of attacks. But they also work to raise awareness and prepare FIs for future incidents by sharing recommendations and new security concepts.
To facilitate communication and information sharing among financial industry peers, the PSS team has also developed the Global Security Platform aka GSP. It provides information anonymous information concerning security incidents or fraud events as well as security alerts in case of an attack.

Trustful cooperation and information sharing are key to improve your ATM fleet’s security as well as security in the financial services industry overall. However, there are many more steps you need to take to make your self-service channel as secure as possible: Read our guide on the 7 shields to protect the self-service channel, to learn about other ways to consider.