Oklahoma Bankers Association We make bankers better!
Get ready Oklahoma as there has been a significant increase in ATM attacks predicted in the coming days and weeks.
Deep Insert Skimmers
Reports received of ATMs being targeted with deep-insert skimmers and pinhole cameras in a neighboring state.
WHAT TO LOOK FOR:
- You will not see a deep-insert skimmer in the card-reader slot, but you may see additional facades/devices attached to the ATM above or next to the keypad, which is a pinhole camera.
- Residue or damage where a facade piece containing the pinhole camera may have been.
- Suspicious persons taking photos of the ATM or tampering with the machine.
- There may be fault errors on the ATM if the skimmer is inserted incorrectly and cards get stuck or unable to read.
Examples of pinhole cameras, designed to look like part of the machine:
WHAT TO DO:
- Regularly check your ATMs; take a photo of your skimmer-free ATM ahead of time to use as a guide in identifying variances.
- If a skimmer or pinhole camera is detected, take the ATM down – DO NOT TOUCH OR REMOVE any pieces. Leave the devices and call law enforcement and a technician.
- File a police report.
- Share the skimmer information with other financial institutions using CrimeDex, OBA’s free-to-use Debit/Credit Card Fraud Groupsite or email sharon@oba.com.
- If ATM cashout fraud occurs before the skimmer is detected – locate the common point of compromise (the ATM skimmer location).
- File a police report.
- Begin reviewing surveillance to determine when the skimmer was placed and/or removed – they are usually only placed for a few hours during the day.
- Provide photos of the suspects, vehicle tag number (VERY IMPORTANT) and any details you can to law enforcement.
- These crews usually case the ATMs earlier in the day or a couple days before – sometimes without obstructed faces.
- Secure the compromised cards ASAP (used during the exposure window while the skimmer was on the ATM).
- Contact your customers,and reissue cards – at the very least change the PIN numbers while you contact customers.
- Provide photos of the suspects, vehicle tag number (VERY IMPORTANT) and any details you can to law enforcement.
Direct Memory Access (DMA) Attacks
See the Active Security Alert published in April 2025 by Diebold Nixdorf. On Nov. 2, several ATMs in the Oklahoma City area suffered DMA attacks. During the cash-out, the suspect had the machine dispensing bills about every 40 seconds.
OBA suggests all member banks contact their ATM service providers to discuss options for protecting their machines from skimming, jackpotting and DMA attacks.
ATM DMA ATTACK – COUNTERMEASURES
- Limit physical access to terminal.
- 24/7 accessible terminals have inherit higher risk.
- Monitor for suspicious activity.
- Unexpected shutdowns/reboots – HW/SW events.
- Disable unused ports in BIOS.
- Ensure BIOS password management.
- Harden software stack.
- Intrusion protection/group policy/HW dependent HDE solutions.
- Microsoft kernel DMA protection.
- Requires IOMMU and Windows 10 LTSC 2019 or later.
We would also suggest contacting your insurance provider to determine what level of coverage you have for these types of attacks.