Get Started.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get Started.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Cook Solutions Group

Defending Against Jackpotting Threats: A Comprehensive Guide

January 5, 2024

How to detect and protect against ATM Fraud and Attacks?  
View ATM Terminal Security solutions & video


As the digital landscape continues to evolve, so do the methods employed by criminals seeking illicit gains. In 2018, the U.S. Secret Service sounded the alarm on a burgeoning threat – jackpotting attacks. Defined as a sophisticated form of criminal activity, jackpotting involves the installation of malicious software and/or hardware at Automated Teller Machines (ATMs), compelling these financial terminals to dispense substantial amounts of cash at the whims of criminals.This paper delves into the intricacies of logical jackpotting attacks, shedding light on the methods perpetrators employ to gain physical access to ATMs, manipulate their operations with malware and/or specialized electronics, and exploit vulnerabilities in the system. Furthermore, it outlines practical steps and cutting-edge solutions CSG offers, such as rekeying ATMs, implementing SANLoitering technology, and adopting the CSG Security + solution which uses CylancePROTECT from Blackberry, aimed at mitigating the risk posed by this sophisticated and evolving form of financial cybercrime.

Introduction: What is jackpotting?

In 2018, the U.S. Secret Service published an article issuing a warning surrounding increasing jackpotting attacks. Jackpotting is defined by the U.S. Secret Service as:

“a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that force the machines to dispense huge volumes of cash on demand. To execute a jackpotting attack, perpetrators must gain physical access to the cash machine and install malware, or specialized electronics, or a combination of both to control the operations of the ATM.” (U.S. Secret Service Media Relations)

The Problem: How does it happen?

Per the definition above, two things must take place for a logical malware based jackpotting attack to occur. The first thing needed by a perpetrator is physical access to the machine. Physical access is easy to obtain with a quick search on the internet for a “universal ATM key”. These can be ordered on Amazon, eBay, and many other online platforms. Once physical access has been obtained, the criminal(s) will install malware on the machine via an open port (USB orEthernet). This malware takes advantage of the software on the ATM and tells the machine to dispense all the cash in the cassettes. This is not tied to acard or any specific account.  Other forms of jackpotting attacks include a man in the middle attack and black box attacks.

The Solution: What steps can I take to mitigate my risk?

CSG recommends rekeying all ATMs to ensure that physical access much harder to obtain.Rekeying your ATM will not prevent a perpetrator from attempting to jimmy a lock, or even break a fascia. For this reason, we also recommend alarming the top hat of the ATM and our With the SAN solution, an overhead camera will detect if a person is loitering at the machine for a longer than expected time frame without doing a transaction and the footage is then reviewed to determine the appropriate action to take. To lock down the ports on the inside of the machine, CSG strongly recommends our Security + solution which is included withour RemoteView solution. In addition to the mitigation tools CSG provides, we also strongly recommend that ATM owners work with your ATM hosts to ensure the communications are encrypted with TLS 1.2 or greater to protect your network traffic against other threats.  

Written By:

Alyssa Knapp

CSG Financial Technology Solutions Consultant


Cook Solutions Group. (n.d.). Application Control & Patch Management. Retrieved from Cook Solutions Group:

Cook Solutions Group. (n.d.). Cook Solutions Group. Retrieved from ATM Fraud Deterrents:

Lott, D. (2022, March 21). ATM Jackpotting Attacks Getting Clever. Retrieved from Federal Reserve Bank of Atlanta:

U.S. Secret Service Media Relations. (2018, January 26). Secret Service Warns of Sophisticated ATM Jackpotting Attack. Retrieved from United States Secret Service:

CSG's unique approach against multiple types of ATM fraud.

Our strategy extends beyond traditional surveillance, incorporating real-time monitoring, intelligent analytics, and proactive threat detection. Our approach is based on a layered security strategy that addresses various vulnerabilities, including:

  • Hook & Chain, Physical Attacks: Fortify terminals against brute force attacks aiming to extract cash.
  • Reg E Claims: Support compliance with Regulation E by providing evidence and transaction verification to resolve disputes.
  • Software Vulnerabilities: Utilize AI based  Endpoint Security to shield the ATM operating system from malware and other cyber threats.
  • Data Compliance: Ensure the confidentiality and integrity of data stored on terminal hard drives using hard drive encryption.
  • Card Skimming, Deep Insert and Cash Harvesting: Prevent unauthorized data capture and cash removal from terminals.
  • Terminal Jackpotting: Guard against unauthorized software manipulation aiming to dispense cash fraudulently.
  • Cash Dispensing and Cash Trapping: Secure dispensing mechanisms from tampering and unauthorized cash trapping devices.
  • Transaction Reversal Fraud (TRF): Protect against manipulation techniques that reverse transactions to withdraw cash.
  • Man-in-the-Middle (MITM) Attacks: By placing a device between the ATM and the Host, attackers pursue objectives such as interception, eavesdropping, modification, and impersonation.

Schedule an Intro