Update to Transaction Reversal Fraud at ATMs

June 2, 2023
Transaction Reversal Fraud ATM

Case Financial is closely monitoring updates on the Transaction Reversal Fraud (TRF) in the United States. NCR recently issued an important update and response on how to mitigate these attacks. Their full release is below.

In these TRF attacks, the criminal uses a tool to break the shutter off the ATM which provides access to pull notes from the exposed S2 dispenser cash transport shuttle.

NCR recently issued a security alert to warn ATM deployers of an escalation of TRF attacks against NCR ATMs in the United States. These attacks have since spread across several cities in the U.S., and we are aware of attacks in the U.K. Industry reports have also identified similar attacks on other vendors ATM’s in Europe.

In response, NCR advised software setting changes be made in the base XFS platform layer or in the ATM application flow to mitigate losses due to these attacks. NCR also released packages that could be used in the North American Activate Enterprise (AE), Edge and USN application environments to apply the recommended platform setting change.

At this time, we are issuing an update to announce that software changes are being developed that can detect this class of TRF. NCR recommends that ATM deployers treat these software updates as critical and apply to ATMs at the earliest opportunity. Any ATM that does not have this software update is at risk of cash losses due to TRF.

Software update details:
NCR is making updates to the base XFS platform software and the NCR application software. We are implementing software changes that will enable the S2 dispenser to detect this specific class of TRF. The mitigation advice previously given to customers will only address the most common field attack method. These critical software upgrades are required to provide protection from possible variations in the attack technique. Base XFS platform and application software upgrades must both be applied. While this software update will detect probable fraud scenarios, it is also possible that genuine equipment malfunction could also be detected as fraud.

Contact your Case Financial representative to discuss your options at info@CaseFi.com.