DENVER — Federal officials issued an urgent warning to banks on Wednesday, after noticing an increased number of cyber-attacks on ATMs.
According to the secret service, thieves have been able to access ATM software and install malware that allows them to withdraw more than the available cash balance on an account.
In one case, thieves used stolen card and PIN numbers from 12 debit card accounts to withdraw more than $40 million.
The cyber-attacks come as banks are already preparing for a change that could put more ATMs at risk to hackers.
Next week Microsoft is ending security support for Windows XP, an operating system that the vast majority of bank ATMs run.
“It is surprising,” said Kelly Marlett, a US Bank customer. “That is really old software.”
“That’s very concerning,” said Linda McCullough, a Chase Bank customer.
Experts say the biggest concern isn’t that Windows XP is outdated.
“It was a horrible idea to ever make (Windows XP) for ATMs to begin with,” said Andrew Urbaczewski with the University of Denver Daniels College of Business. “Now we’re winding up paying the price for it.”
Banks turned to Windows XP because it was easier for customers to use, but new warnings from federal authorities demonstrate how it also made it easier for criminals to target ATMs.
The banks are working to address the problem. Chase is planning to upgrade its ATM software to Windows 7 in July. In the meantime they and several other banks will be paying Microsoft to extend their security support.
“The best things consumers can do is to just be vigilant,” Urbaczewski said.
Unlike the banks, which rely on Windows XP for their ATMs, independent ATM servicing companies do not face the same risks to software.\
Rocky Mountain ATM, which owns many of the stand-alone machines you see at convenience stores around Denver, has not had to make any changes.
“There shouldn’t be any concern at all because I do not believe that any of (our ATMs) are XP based,” said Simon Clarke, general manager for Rocky Mountain ATM. “So there will be no need for a software upgrade.”
Though Chase customer Linda McCullough is glad to know her bank is taking extra steps, she says she may as well.
“You absolutely have to be careful and if that is going to continue to be an issue then I would just go inside and do my transactions that way if it is going to be a security issue,” McCullough said.