Banks warned about ATM attacks

U.S. regulators are warning banks to be on the lookout for a new cybersecurity threat to cyber security software that allows thieves to make unlimited withdrawals. Experts issued a notice saying a scam has figured out a way to get around the caps set on ATMs. The attacks are against ATM web-based control panels used by small and midsized core banking systems, the agency says.

Those control panels manage several things, including fraud alert settings and the amount of money that customers may withdraw from the ATM within a set time frame. Then, the attackers quickly withdraw large amounts of cash from the ATMs, often striking on weekends because ATMs tend to have more money on the weekends. The agency’s statement said one such attack was able to net more than $40 million, using just 12 debit card accounts.

If your core banking software is one that is compromised, federal laws and regulations ensure that you’ll get your money back. However, sometimes that takes time, and almost certainly is an inconvenience if your account is the one breached. This latest alarm comes as banks across the country deal with Microsoft’s April 8 cutoff of tech support for its Windows XP operating system, potentially leaving corporate banking software more vulnerable to attacks.

Cybersecurity is becoming an increasingly big topic of discussion in the financial world, particularly since the massive Target data breach at the end of last year. Police in Maine are investigating after an ATM in south Portland dispensed $37,000 in cash to a man who requested $140. The money was returned to the bank, and the bank is referring to the core banking system issue as a “code error,” but police are still investigating.