It is said that a chain is only as strong as its weakest link.  Often the same is said for an organization’s data privacy & security defensives. Could it be that the ubiquitous ATM machine is the weak link to the banking system?  Thursday, July 14, reported that in Taiwan, thieves, possibly using a cellular device, hacked into 41 separate ATM machines and made off with the equivalent of approximately $2.2 Million. Taiwan’s largest bank was forced to freeze transactions on 1,000 of its ATM machines, which represents about 4 percent of the country’s ATM population. All 41 hacked machines were manufactured by the same vendor, Wincor Nixdorf.  Wincor Nixdorf has stated it is aware of the thefts and is working with police and the bank on the issue.  It further stated that the vulnerability exists irrespective of manufacturer. Three different types of malware have been identified as the tools used to commit the thefts.

The hacking and stealing from ATM machines is on the rise in Asia and, reporting on the same story on Sunday, July 17, wrote that in May several individuals stole approximately $13 Million in less than three hours from ATMs in Japan. Several arrests have been made in the Taiwanese incident and a little over half of the money was recovered from a hotel room.

With almost a half a million ATM machines in the United States, the question is when, not if, will we see similar large heists in the U.S. and what effect will it have on the ATM banking industry? Citigroup is currently working with ATM maker Diebold on two new models, one that requires a retina scan for authentication and a second that requires an application running on the customer’s smartphone.