Wednesday, April 2, 2025

Organized ATM jackpotting groups still active, affects insurance coverage for banks

A search for key word “jackpotting” in OBA.com returns Fraud Alerts and other stories dating back to 2018.

In 2024, we mentioned the increase in these ATM attacks on June 3, Aug. 19, Oct. 28, and Nov. 1. Jackpotting is a term used to describe cyber attacks on ATMs with the intent to illegally dispense cash without debiting an account. These man-In-The-middle attacks can drain an ATM quickly.  On March 21, attacks were attempted on NCR ATMs in Oklahoma City and Edmond. On Monday, attacks were attempted on Diebold ATMs/ITMs in the Clarksville, Arkansas, area.

The cash inside the ATMs is covered by your financial institution bond. The damage that occurs to the ATM during an attack is normally covered by the property and casualty policy. Insurance carriers may now require ATMs to be updated to bind coverage on the financial institution bond. Some carriers are requiring a bank’s ATMs to be re-keyed so a master or universal key cannot open them (jackpotting mitigation). Carriers may also require concrete rebar pillars that protect the front of stand-alone ATMs (hook-and-chain burglary mitigation). Some banks are installing ATM cages. These cages help protect the machine from jackpotting and hook-and-chain attacks.

For additional bank guidance, see this Fraud Alert from June 6, 2024.