ATMIA Global Security & Fraud Annual Survey 2016

Thank you for taking the time to help us identify the top global fraud and security issues facing the ATM industry. Just for taking the survey you will receive a copy of the executive summary.

This survey uses two basic categories to describe ATM criminal attacks – PHYSICAL ATTACKS and FRAUD. Physical attacks include the theft of the ATM itself or theft of valuables such as cash from within the ATM. Fraud include a wide range of methods criminals use to steal data such as skimming, card theft and malware among others.

Unless specifically asked about future expectations, please answer based upon your experience over the last 12 months.

Question Title

* 1. Please enter the country you are based in:

Country:

Question Title

* 2. If your responses relate to a whole region or globally, please select all that apply

Africa

Asia

Asia Pacific

Canada

Europe

India

Latin America

Middle East

United States

Question Title

* 3. Over the past 12 months, how do you feel overall trends in ATMs attacks have changed?

	Decreasing Significantly	Decreasing Slightly	Remaining Consistent	Increasing Slightly	Increasing Significantly
Fraud Attacks	Fraud Attacks Decreasing Significantly	Fraud Attacks Decreasing Slightly	Fraud Attacks Remaining Consistent	Fraud Attacks Increasing Slightly	Fraud Attacks Increasing Significantly
Physical Attacks	Physical Attacks Decreasing Significantly	Physical Attacks Decreasing Slightly	Physical Attacks Remaining Consistent	Physical Attacks Increasing Slightly	Physical Attacks Increasing Significantly

Comments:

Question Title

* 4. For PHYSICAL attacks, indicate what trends you have experienced over the last 12 months. If you have not experienced a particular attack, select "Have Not Experienced."

	Decreasing	Remaining Consistent	Increasing	Have Not Experienced
Theft of ATM itself using vehicles (ram raids, smash & grab, pull-outs)	Theft of ATM itself using vehicles (ram raids, smash & grab, pull-outs) Decreasing	Theft of ATM itself using vehicles (ram raids, smash & grab, pull-outs) Remaining Consistent	Theft of ATM itself using vehicles (ram raids, smash & grab, pull-outs) Increasing	Theft of ATM itself using vehicles (ram raids, smash & grab, pull-outs) Have Not Experienced
Theft of ATM itself using manual removal of ATM by a person	Theft of ATM itself using manual removal of ATM by a person Decreasing	Theft of ATM itself using manual removal of ATM by a person Remaining Consistent	Theft of ATM itself using manual removal of ATM by a person Increasing	Theft of ATM itself using manual removal of ATM by a person Have Not Experienced
Breaking into safe using saw or angle grinder	Breaking into safe using saw or angle grinder Decreasing	Breaking into safe using saw or angle grinder Remaining Consistent	Breaking into safe using saw or angle grinder Increasing	Breaking into safe using saw or angle grinder Have Not Experienced
Breaking into safe using drills	Breaking into safe using drills Decreasing	Breaking into safe using drills Remaining Consistent	Breaking into safe using drills Increasing	Breaking into safe using drills Have Not Experienced
Breaking into safe using thermal torches, plasma cutters or lances	Breaking into safe using thermal torches, plasma cutters or lances Decreasing	Breaking into safe using thermal torches, plasma cutters or lances Remaining Consistent	Breaking into safe using thermal torches, plasma cutters or lances Increasing	Breaking into safe using thermal torches, plasma cutters or lances Have Not Experienced
Breaking into safe using hydraulic tools (jaws of life)	Breaking into safe using hydraulic tools (jaws of life) Decreasing	Breaking into safe using hydraulic tools (jaws of life) Remaining Consistent	Breaking into safe using hydraulic tools (jaws of life) Increasing	Breaking into safe using hydraulic tools (jaws of life) Have Not Experienced
Breaking into safe using wedges and hammers	Breaking into safe using wedges and hammers Decreasing	Breaking into safe using wedges and hammers Remaining Consistent	Breaking into safe using wedges and hammers Increasing	Breaking into safe using wedges and hammers Have Not Experienced
Breaking into safe using crowbars or pry bars	Breaking into safe using crowbars or pry bars Decreasing	Breaking into safe using crowbars or pry bars Remaining Consistent	Breaking into safe using crowbars or pry bars Increasing	Breaking into safe using crowbars or pry bars Have Not Experienced
Breaking into safe using explosive gas	Breaking into safe using explosive gas Decreasing	Breaking into safe using explosive gas Remaining Consistent	Breaking into safe using explosive gas Increasing	Breaking into safe using explosive gas Have Not Experienced
Breaking into safe using solid explosives (including gels and putty)	Breaking into safe using solid explosives (including gels and putty) Decreasing	Breaking into safe using solid explosives (including gels and putty) Remaining Consistent	Breaking into safe using solid explosives (including gels and putty) Increasing	Breaking into safe using solid explosives (including gels and putty) Have Not Experienced
Damage to ATM cabinet, top box or fascia for purpose of fraud	Damage to ATM cabinet, top box or fascia for purpose of fraud Decreasing	Damage to ATM cabinet, top box or fascia for purpose of fraud Remaining Consistent	Damage to ATM cabinet, top box or fascia for purpose of fraud Increasing	Damage to ATM cabinet, top box or fascia for purpose of fraud Have Not Experienced
Damage to ATM cabinet, top box or fascia for purpose of vandalism	Damage to ATM cabinet, top box or fascia for purpose of vandalism Decreasing	Damage to ATM cabinet, top box or fascia for purpose of vandalism Remaining Consistent	Damage to ATM cabinet, top box or fascia for purpose of vandalism Increasing	Damage to ATM cabinet, top box or fascia for purpose of vandalism Have Not Experienced

Other types of physical attack methods you've experienced:

Question Title

* 5. For FRAUD attacks, indicate what trends you have experienced over the last 12 months. If you have not experienced a particular attack, select "Have Not Experienced."

Other types of fraud methods you've experienced:

Question Title

* 6. Over the past 12 months, which type of location best describes where the majority of attacks you've experienced are taking place. If you have not experienced a particular attack, please leave it blank.

	Fraud Attacks	Physical Attacks
Drive-Thru	Drive-Thru Fraud Attacks	Drive-Thru Physical Attacks
Through-the-wall	Through-the-wall Fraud Attacks	Through-the-wall Physical Attacks
Stand Alone / POD	Stand Alone / POD Fraud Attacks	Stand Alone / POD Physical Attacks
Inside bank (24-hour access)	Inside bank (24-hour access) Fraud Attacks	Inside bank (24-hour access) Physical Attacks
Inside bank (staffed)	Inside bank (staffed) Fraud Attacks	Inside bank (staffed) Physical Attacks
Inside store / shop	Inside store / shop Fraud Attacks	Inside store / shop Physical Attacks
Inside shopping mall / shopping center	Inside shopping mall / shopping center Fraud Attacks	Inside shopping mall / shopping center Physical Attacks
Transport hub (e.g. train station, bus station)	Transport hub (e.g. train station, bus station) Fraud Attacks	Transport hub (e.g. train station, bus station) Physical Attacks
Other off-premise location	Other off-premise location Fraud Attacks	Other off-premise location Physical Attacks

Comments:

Question Title

* 7. Please rank the top (3) three PHYSICAL ATTACK methods that concern you the most, even if you don't feel it is increasing. If possible, please estimate costs and losses associated with each type of attack you've experienced.

	Highest Concern	2nd Highest Concern	3rd Highest Concern
Theft of ATM	Theft of ATM Highest Concern	Theft of ATM 2nd Highest Concern	Theft of ATM 3rd Highest Concern
Theft from ATM using explosives	Theft from ATM using explosives Highest Concern	Theft from ATM using explosives 2nd Highest Concern	Theft from ATM using explosives 3rd Highest Concern
Theft from ATM (e.g. cutting etc.)	Theft from ATM (e.g. cutting etc.) Highest Concern	Theft from ATM (e.g. cutting etc.) 2nd Highest Concern	Theft from ATM (e.g. cutting etc.) 3rd Highest Concern
Damage to cabinet, top-box, fascia	Damage to cabinet, top-box, fascia Highest Concern	Damage to cabinet, top-box, fascia 2nd Highest Concern	Damage to cabinet, top-box, fascia 3rd Highest Concern
Other Physical Attacks	Other Physical Attacks Highest Concern	Other Physical Attacks 2nd Highest Concern	Other Physical Attacks 3rd Highest Concern

For each type of attack, please state type of attack and estimate costs and losses per year AND per incident

Question Title

* 8. Please rank the top (3) three FRAUD ATTACK methods that concern you the most, even if you don't feel it is increasing. If possible, please estimate costs and losses associated with each type of attack you've experienced.

	Highest Concern	2nd Highest Concern	3rd Highest Concern
Skimming	Skimming Highest Concern	Skimming 2nd Highest Concern	Skimming 3rd Highest Concern
Eavesdropping	Eavesdropping Highest Concern	Eavesdropping 2nd Highest Concern	Eavesdropping 3rd Highest Concern
ATM malware for card data	ATM malware for card data Highest Concern	ATM malware for card data 2nd Highest Concern	ATM malware for card data 3rd Highest Concern
Network packet sniffing (card data)	Network packet sniffing (card data) Highest Concern	Network packet sniffing (card data) 2nd Highest Concern	Network packet sniffing (card data) 3rd Highest Concern
Shimming chip card data	Shimming chip card data Highest Concern	Shimming chip card data 2nd Highest Concern	Shimming chip card data 3rd Highest Concern
Card trapping	Card trapping Highest Concern	Card trapping 2nd Highest Concern	Card trapping 3rd Highest Concern
Transaction reversal fraud	Transaction reversal fraud Highest Concern	Transaction reversal fraud 2nd Highest Concern	Transaction reversal fraud 3rd Highest Concern
Cash trapping	Cash trapping Highest Concern	Cash trapping 2nd Highest Concern	Cash trapping 3rd Highest Concern
Jackpotting dispenser (malware)	Jackpotting dispenser (malware) Highest Concern	Jackpotting dispenser (malware) 2nd Highest Concern	Jackpotting dispenser (malware) 3rd Highest Concern
Jackpotting dispenser (black boxes)	Jackpotting dispenser (black boxes) Highest Concern	Jackpotting dispenser (black boxes) 2nd Highest Concern	Jackpotting dispenser (black boxes) 3rd Highest Concern
Fake deposits	Fake deposits Highest Concern	Fake deposits 2nd Highest Concern	Fake deposits 3rd Highest Concern
Deposit machine compromise	Deposit machine compromise Highest Concern	Deposit machine compromise 2nd Highest Concern	Deposit machine compromise 3rd Highest Concern
Other fraud attacks	Other fraud attacks Highest Concern	Other fraud attacks 2nd Highest Concern	Other fraud attacks 3rd Highest Concern

For each type of attack, please state type of attack and estimate costs and losses per year AND per incident

Question Title

* 9. If known, please indicate your experience with the technical characteristics of devices and attack methods used to compromise your ATMs.

	Yes	No	Unknown
Skimming devices are getting smaller	Skimming devices are getting smaller Yes	Skimming devices are getting smaller No	Skimming devices are getting smaller Unknown
External skimming devices have their read head positioned 0 to 3 cm from the actual card slot	External skimming devices have their read head positioned 0 to 3 cm from the actual card slot Yes	External skimming devices have their read head positioned 0 to 3 cm from the actual card slot No	External skimming devices have their read head positioned 0 to 3 cm from the actual card slot Unknown
External skimming devices have their read head positioned 3 to 5 cm from the actual card slot	External skimming devices have their read head positioned 3 to 5 cm from the actual card slot Yes	External skimming devices have their read head positioned 3 to 5 cm from the actual card slot No	External skimming devices have their read head positioned 3 to 5 cm from the actual card slot Unknown
External skimming devices have their read head positioned 5 to 8 cm from the actual card slot	External skimming devices have their read head positioned 5 to 8 cm from the actual card slot Yes	External skimming devices have their read head positioned 5 to 8 cm from the actual card slot No	External skimming devices have their read head positioned 5 to 8 cm from the actual card slot Unknown
Analogue skimming technology	Analogue skimming technology Yes	Analogue skimming technology No	Analogue skimming technology Unknown
Digital skimming technology	Digital skimming technology Yes	Digital skimming technology No	Digital skimming technology Unknown
Stereo skimming technology	Stereo skimming technology Yes	Stereo skimming technology No	Stereo skimming technology Unknown
Making of a hole in the fascia near card slot to attach eavesdropping devices, black boxes or install malware	Making of a hole in the fascia near card slot to attach eavesdropping devices, black boxes or install malware Yes	Making of a hole in the fascia near card slot to attach eavesdropping devices, black boxes or install malware No	Making of a hole in the fascia near card slot to attach eavesdropping devices, black boxes or install malware Unknown
Making of a hole elsewhere in the ATM to attach eavesdropping devices, black boxes or install malware	Making of a hole elsewhere in the ATM to attach eavesdropping devices, black boxes or install malware Yes	Making of a hole elsewhere in the ATM to attach eavesdropping devices, black boxes or install malware No	Making of a hole elsewhere in the ATM to attach eavesdropping devices, black boxes or install malware Unknown
Opening the cabinet or top-box door to attach eavesdropping devices, black boxes or install malware	Opening the cabinet or top-box door to attach eavesdropping devices, black boxes or install malware Yes	Opening the cabinet or top-box door to attach eavesdropping devices, black boxes or install malware No	Opening the cabinet or top-box door to attach eavesdropping devices, black boxes or install malware Unknown
Eavesdropping devices were found attached to the pre-head of the genuine card reader	Eavesdropping devices were found attached to the pre-head of the genuine card reader Yes	Eavesdropping devices were found attached to the pre-head of the genuine card reader No	Eavesdropping devices were found attached to the pre-head of the genuine card reader Unknown
Eavesdropping devices were found attached to the read head of the genuine card reader	Eavesdropping devices were found attached to the read head of the genuine card reader Yes	Eavesdropping devices were found attached to the read head of the genuine card reader No	Eavesdropping devices were found attached to the read head of the genuine card reader Unknown
Eavesdropping devices were found attached to the electronics of the genuine card reader	Eavesdropping devices were found attached to the electronics of the genuine card reader Yes	Eavesdropping devices were found attached to the electronics of the genuine card reader No	Eavesdropping devices were found attached to the electronics of the genuine card reader Unknown

Comments:

Question Title

* 10. What percentage of your ATMs have physical security and anti-fraud countermeasures deployed?

	More than 75%	Between 75-25%	Less than 25%
Physical security countermeasures	Physical security countermeasures More than 75%	Physical security countermeasures Between 75-25%	Physical security countermeasures Less than 25%
Anti-fraud countermeasures	Anti-fraud countermeasures More than 75%	Anti-fraud countermeasures Between 75-25%	Anti-fraud countermeasures Less than 25%

Question Title

* 11. In your opinion, how effective are the countermeasures you have in place?

	Very Effective	Moderately Effective	Ineffective
Physical security countermeasures	Physical security countermeasures Very Effective	Physical security countermeasures Moderately Effective	Physical security countermeasures Ineffective
Anti-fraud countermeasures	Anti-fraud countermeasures Very Effective	Anti-fraud countermeasures Moderately Effective	Anti-fraud countermeasures Ineffective

Please describe the type of countermeasures deployed and indicate how they have helped to prevent criminals from targeting your ATMs.

Question Title

* 12. What are your plans to invest in new countermeasures over the next 12 months?

Plan to invest much more

Plan to invest slightly more

No change in investment

Plan to invest slightly less

Plan to invest much less

Comments:

Question Title

* 13. Do you currently have ATMs deployed using biometrics or plan to do so in the future?

Currently have ATMs deployed using biometrics

Plan to deploy biometrics in the future

No plans to deploy biometrics in the future

Please indicate the type of biometric (or other enhanced authentication method) chosen and why

Question Title

* 14. Please explain which types of attack, if any, you experienced for the first time over the last 12 months.

Question Title

* 15. Please explain if you have any concerns about ATM crime over the next 12 months, regardless if you have experienced an attack.

Question Title

* 16. Regarding security, what topics would you like ATMIA to focus on over the next 12 months?

Question Title

* 17. Please share your observations, provide comment, opinion and/or share advice for other ATMIA members regarding the security of ATMs.

Question Title

* 18. To receive a copy of the executive summary and be entered into the drawing, please provide your contact information.

Name:

Company:

Email Address:

Phone Number:

Thank you for taking the time to help us identify the top global fraud and security issues facing the ATM industry.