The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM Cash-Out,” in which they hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.

This type of attack is not new!

*** We have seen this type of attack before; your ATM is NOT doing anything wrong, it is an attack against the host processor and/or the bank, NOT the ATM. ***

Organized cybercrime gangs that coordinate ‘Cash Out’ attacks typically do so by hacking or phishing their way into a bank or payment card processor. Just prior to executing an ATM ‘Cash Out’, the intruders will remove many fraud controls at the financial institution, such as maximum ATM withdrawal amounts and any limits on the number of customer ATM transactions daily. The perpetrators also alter account balances and security measures to make an unlimited amount of money available at the time of the transactions, allowing for large amounts of cash to be quickly removed from the ATM. These cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores, states FBI sources; “At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards”.

What can I do to protect myself?                     

  • If you are not EMV upgraded, you’re potentially more susceptible to this attack. The money mules may seek out non-EMV ATMs in an effort to maximize their success.
  • Even if you are upgraded, there is a cause for concern. There have been fraudulent attacks where cybercriminals will use an EMV card with a bad chip to force a fallback transaction. The latest versions of software from GENMEGA and Hyosung, available at; allow you to disable fallback at the ATM. Enabling this feature could possibly safeguard the operator from fraudulent losses.