Federal regulators on Wednesday issued a warning to banks that an increasing number of cyber-attacks are targeting ATM machines.
The attacks, which the U.S. Secret Service have classified as unlimited operations, allow fraudsters to withdraw funds beyond the cash balance in customer accounts or other limits applied to ATM withdrawals.
The cyber-attacks include the use of malware installed on a bank’s network. Once ATM settings are changed, stolen PIN numbers and other account information are used to withdraw funds.
According to the report, a recent attack netted thieves more than $40 million using just 12 debit card accounts.
The Federal Financial Institutions Examination Council, which consists of officials from the Federal Reserve, FDIC and other groups, said banks should take appropriate steps to prevent fraud.
“Cyber-attacks on financial institutions to gain access to, and alter the settings on, Web-based ATM control panels used by small- to medium-sized institutions are on the rise,” the FFICEC said.
The memo from regulators follows wide-scale attacks at Target (TGT) and other retailers. Meanwhile, Microsoft (MSFT) is ending support for its Windows XP operating system, which many banks use for ATMs.