The growing threat of digital ATM crime
Published: Thursday, October 23, 2025
By Dolphin Debit
ATM crime continues to grow across the country. Criminals are exploiting vulnerabilities from multiple directions. Physical attacks on the ATM are growing in addition to attacks on ATM personnel and armor-CIT providers. But we’re going to focus this article on the digital side of ATM crime.
The Man-in-the-Middle Attack Explained
Digital attacks are hitting ATMs across the U.S. and the rest of the world. The most recent digital attack is known as the man-in-the-middle attack. With this attack, the criminal gains access to the ATM hardware. Typically, through the top hat of an island ATM. But they can also perform the same attack on lobby style ATMs.
The criminal gets access to the CPU of the ATM and puts the PC between the ATM components and CPU. With direct access to the ATM hardware the criminal can direct the ATM to dispense cash. This is done without cardholder data. So, there are no personal accounts affected. The ATM is drained of its cash, and no one is aware until a cardholder attempts a withdrawal and is denied due to lack of funds in the unit.
Why ATMs Are Vulnerable
Unfortunately, all ATM manufacturers produce a standard key that unlocks the top hat of their ATMs. Making it easy for criminals to gain access to the internal workings of the ATM. Although this seems like a misstep by the manufacturers, imagine entrusting armor/CIT and maintenance providers to keep a unique access key for every ATM they service. A technician would carry 75+ unique keys on their hip at all times.
How to Strengthen Your ATM Defenses
Security companies have alarms, sirens, and strobes they can place in the top section of the ATM to help deter these criminals. Alarms don’t always work, but even slowing down the attack can enable police in disrupting the crime before cash is dispensed.
This attack usually happens after hours and isn’t realized until later the next day when cardholders complain that the ATM isn’t dispensing even though the system shows that it has plenty of cash. The system still thinks it has cash because the link between the CPU and ATM hardware was cut when the cash was removed.
These attacks can be devastating for a financial institution of any size. What’s worse is once a vulnerability is found the criminals immediately look for other ATMs in the financial institution’s fleet they can attack next. And they can hit several ATMs in several hours. It is imperative that you ensure your ATM operator is taking all the necessary steps to protect your devices from this type of attack. You shouldn’t need to add language to an agreement or agree to pay anything out of pocket for any upgrades or changes necessary to put these parameters in place.
Interested in learning more about Dolphin Debit and how its solutions can support your credit union’s goals? Carrick Professionals proudly partners with trusted providers like Dolphin Debit to bring effective, forward-thinking tools to the credit union movement. Contact us or use our online matching tool to explore this and other solutions that may be right for your organization.