ATM Jackpotting and Unlimited Operations
Monday, July 15, 2019
1:30 pm – 3:30 pm CT
Recommended for 2.5 CE Credits
Hopefully you have experienced that rewarding sensation when a casino slot machine dispenses quarters endlessly in your plastic money bucket. In some cases, with larger payouts, a casino employee may come over and give you cash or a check. Now imagine sitting there at our slot machine when $20,000 in bills shoot out.
Cybercriminals know ATMs are loaded with cash and are investing significant resources in exploiting systems to extract the money. In some cases, causing the cash to shoot out from the ATM. The FFIEC has posted guidance around ATMs to bring awareness to “Unlimited Operations” fraud schemes. We have also seen ATM Jackpotting by infected it with malware from USB devices, attacked with advanced slim skimmers “shimmers”, and hacked via network connections. This session is intended to ensure that ATM security has moved up on your radar and been properly integrated into your risk assessment program.
In this session, we will explain the differences between ATM Jackpotting and ATM Unlimited Operation. We will also explore some of the guidance around ATMs, the latest ATM crime trends, new security controls to mitigate risk, and how you can integrate your ATMs into your Information Security Program.
- ATM Jackpotting
- ATM Unlimited Operations
- FFIEC, FBI, and US-CERT Guidance
- Real images and examples of ATM compromises
- Risk Assessment suggestions to select appropriate controls
- Policy and procedures to implement controls
- Technical Assessments for ATMs
- Auditing methods for ATMs
Who Should Attend:
Information Security Officer, IT Manager, Risk Officer, Internal Auditor, and Executives looking to understand the ATM Cybersecurity Risks.
Chad Knutson is a co-founder and Senior Information Security Consultant for SBS CyberSecurity, a premier cybersecurity consulting and audit firm dedicated to making a positive impact on the banking and financial services industry, and has served as President of the SBS Institute since 2013. Chad maintains his CISSP, CISA, and CRISC certifications, and received his Bachelor of Science in Computer Information Systems and his Master of Science in Information Assurance from Dakota State University.
Chad is dedicated to educating industry professionals about cybersecurity. While consulting with financial institutions, he saw the need to empower employees to be better prepared to confidently handle cybersecurity threats, create and manage strong information security programs, and understand ever-changing regulations at their institution. He was a driving force in the development of the SBS Institute certification program, which is uniquely designed to serve the banking industry by providing banking specific, role-based certifications cyber education. The SBS Institute has grown to include over ten certifications and State Association partners in over 30 states.