ATM Fraud: In view of the increasing ATM fraud, all banks have been asked to further strengthen the security rules of their ATMs through end-to-end encryption in the network. In a conversation with banks a few days ago, the government told the banks that the attacks in Man in the Middle (MiTM) have increased rapidly.
New Delhi: ATM Fraud: In view of the increasing ATM fraud, all banks have been asked to further strengthen the security rules of their ATMs through end-to-end encryption in the network. In a conversation with banks a few days ago, the government told the banks that the attacks in Man in the Middle (MiTM) have increased rapidly. In this, the fraudster takes the message sent to ‘ATM Host’ from ‘ATM Switch’ in the middle and changes it and fraudulently withdraws the cash.
New way to fraud ATM
A security official associated with the case said that during investigations, security agencies have found that cyber fraud gangs started working on new methods to withdraw money from ATMs. According to investigators, fraudsters first tamper with ATM’s network cable LAN). By altering the Declined message sent by ‘ATM Switch’, they convert it into a ‘successful cash withdrawal transaction’, by which they withdraw cash from the ATM.
This is how ATM fraud happens
These fraudsters first connect a device between the ATM machine and the router or switch in the ATM area. With the help of this device, we would change the response coming from the ATM Switch, which is connected to the ATM through the network. After this, these attackers use block cards to withdraw money. When the ‘ATM Switch’ sends a declined message, the fraudster sitting in the middle changes the message and converts the transaction from declined to Approved, and withdraws the cash from the ATM. The official said that banks have been asked to ensure end-to-end encryption between ‘ATM Terminal’ or PC and ‘ATM Switch’.
Incidents of banking fraud are increasing every year
A similar advisory has also been issued by the Reserve Bank of India (RBI). According to information provided by the Indian Computer Emergency Response Team (CERT-In), 1,59,761 incidents of cyber security in digital banking were reported in 2018, to 2,46,514 in 2019, 2 in the year 2020, 90,445 incidents have been reported. These incidents include website hacking, virus network scanning. CERT-In is a national technology company whose job is to protect the Indian cyber sector from cyber attack.
