When you hear the news that someone has hit the jackpot, your initial reaction might be one of happiness for the winner combined with envy that it wasn’t you winning the money.

But the so-called “jackpotting” ATMs  that have made headlines lately aren’t something to celebrate, at least for consumers and banks.

The term ATM “jackpotting” refers to when fraudsters install malware or manipulate ATMs to allow them to withdraw large amounts of money. Jackpotting has been prevalent in Europe and Asia for some time but only recently has been seen in the U.S.

It’s important to note that this type of fraud doesn’t affect consumers’ cash, according to Ken Justice, who manages PNC’s 9,000 ATMs. In this way, it’s less damaging to consumers than skimming fraud, which occurs when cardholders’ card information is stolen and used to remove money directly from their accounts.

“Jackpotting is also extremely rare because of the difficulty in pulling it off,” Justice said.

There are two primary ways the bad guys can access an ATM to conduct a jackpotting attack.

In the first type of attack, the perpetrators open the top of an ATM to install malware on the hard drive, which allows them to make withdrawals of about 50 notes per minute. However, at this rate, it can take several hours to empty an ATM and require a team of three or more people to complete.

In the second type of attack, thieves insert an endoscope – the same type of device used in some surgical procedures – through an ATM’s cash withdrawal slot. Fraudsters can then push a button in the ATM safe to initiate cash dispensing.

The good news for consumers is that these attacks, while bold, remain infrequent, and banks are developing defenses to combat the criminals.

Also of note is that the attacks are most effective against ATMs with older operating systems. All of PNC’s ATMs have up-to-date software, Justice said.

“Banks are finding ways to thwart these attempts and clamp down on these types of attacks,” he said. “As bad actors continue to evolve their attack methods, we will continue to do our best to stay one step ahead of them with our countermeasures.”

As the bad guys try new tactics, we’re continually working to stop them before they affect customers’ accounts and money.

– Ken Justice