ATM attacks have been rampant since 2018 and are showing no signs of letting up. For several years, “hook and chain” attacks were the most common method of ATM theft. To mitigate this type of theft risk, many banks erected physical barriers.
More recent incidents, however, involve individuals using generic or master keys to unlock a machine’s exterior chassis or endoscopes to get inside an ATM — no trucks required.
Shockingly, these can easily be purchased on the internet. The criminals then tamper with the machine’s hard drives to install malware, ultimately resulting in the disbursement of cash. This is known as “jackpotting.”
The U.S. Secret Service has reported an increase in ATM jackpotting over the last six months. The attacks are believed to be the work of organized criminal groups and target multiple ATM manufacturers.
With generic or master keys, criminals access an ATM’s chassis and remove and/or install malware using various methods such as a USB port device which then allows them to reboot the onboard PC using the compromised media and issue dispense commands, allowing them to deplete the ATM of cash. These commands can be sent remotely using either a laptop or cell phone, allowing them to avoid engaging directly with the ATM machine. In some cases, magnets are also used in conjunction to unlock an ATM’s exterior.
In one such case, security video captured images of several people repeatedly accessing an ATM and removing large amounts of cash. The individuals were staged in a nearby parking lot and made a total of 48 trips to the ATM. It is suspected that the thieves had a master key, a small gold key with a rounded base and teeth on both sides, that allowed them easy access to the machine. Police ultimately apprehended the individuals and found a mobile Wi-Fi device, laptop and USB cables in their vehicle.
Thieves may also use an endoscope (similar to the slim, flexible instrument used in medical procedures) to reach the internal mechanism of the machine, where they can attach a cord that allows them to sync their laptop with the ATM’s computer. After installing malware, the perpetrators will contact co‑conspirators, who can remotely control the ATMs and force the machines to dispense cash. Such mechanisms can dispense a hundred bills in about a minute.

To mitigate risk of loss, financial institutions should proactively work with their ATM manufacturers to ensure that all machines in use are up to date on current security protocols. This should include:
- Limiting physical access to ATMs.
- Installing machine-specific keys to avoid easy access through master keys.
- Implementing additional access controls for service technicians.
- Ensuring ATM hard drives are encrypted.
- Ensuring network communications use TLS encryption.
- Ensuring that all components (operating system, firmware, software, etc.) include the latest updates.
- Installing an ATM alarm to help detect an attack and ward off criminals.
- Ensuring alerts are triggered when an ATM goes offline with a more immediate response time.
- Neutralizing cash to make it unusable to attackers through the use of cassettes with ink-staining solutions.
ABA Insurance Services, a member of Great American Insurance Group, is a long-term, reliable and stable source of D&O, Bond, Cyber Liability, and P&C insurance for financial institutions, including trust companies and banks in formation. Our unique insurance program, co-endorsed by the West Virginia Bankers Association and American Bankers Association, has been committed to serving and supporting financial institutions by providing quality insurance and excellent customer service for over 35 years. Excess insurance and STAMP surety bonds are also available. For more information on risk management, please visit abais.com/Insights or contact ABA Insurance Services’ Patricia P. Williams at (410) 960-6878 or ppwilliams@abais.com.
The facts of any potential claims situation which may actually arise, and the terms, conditions, exclusions, and limitations in any policy in effect at that time, are unique. Thus, no representation is made that any specific insurance coverage applies. This information provides guidance and is not intended as a legal interpretation of any federal, state or local laws, rules or regulations. ABA Insurance Services Inc. (ABAIS) does not warrant that all potential hazards or conditions have been evaluated or can be controlled. The liability of ABAIS and its affiliates is limited to the terms, limits and conditions of the insurance policies issued by ABAIS. © 2025 Great American Insurance Company. All rights reserved. ABA Insurance Services Inc. dba Cabins Insurance Services in CA (CA license #0G63200, 2G63200), ABA Insurance Services of Kentucky Inc. in KY and ABA Insurance Agency Inc. in MI. 3401 Tuttle Road, Ste. 300, Shaker Hts, OH, 44122.