This post examines the latest trends in ATM fraud and security. Reported losses are falling, but attacks are increasing, creating a paradox for banks and ATM operators. We explain how criminals are changing their methods, why losses appear smaller, and what new security measures are shaping ATM protection in 2025.
In 2023, the European Association for Secure Transactions (EAST) recorded 7,115 cases of terminal attacks across Europe. Just one year later, that figure jumped to 14,664 cases, more than double.
What you might not expect is what happened to the money. Losses didn’t rise with the number of attacks. Instead, they fell sharply, from €173 million in 2023 down to €71 million in 2024.
At first glance, it looks like progress. Fewer euros lost means stronger defenses, right? But the reality is more complicated. Criminals are not going away; they are changing their methods, while banks are investing in new controls. This mix explains why the numbers seem to pull in opposite directions: more attacks, but less direct damage.
These figures come from Europe’s most detailed fraud report, published annually by EAST. While regional differences exist, the data provides one of the clearest windows into how ATM crime is evolving worldwide. We use it here as an illustration because the patterns of more frequent attacks, changing techniques, and shifting costs reflect trends that banks and ATM operators are facing globally.
To see the full picture, we need to look closer at how these attacks are carried out and the trends shaping ATM security in 2025.
Table of Content:
- New Patterns in ATM Fraud
- Common ATM Fraud Attack Methods
- Why Reported ATM Fraud Losses Are Falling
- ATM Security Trends for 2025
- Why Rising ATM Attacks Still Matter in 2025
- How POND IoT Supports ATM Security
New Patterns in ATM Fraud
Traditionally, ATM attacks were rare but extremely costly. A jackpotting incident, for example, could empty an entire machine in minutes. Today, fraudsters are shifting to higher-volume, lower-payout methods such as card trapping or cash trapping. These don’t always generate headlines, but they’re easier to attempt and, when multiplied across thousands of machines, can create widespread disruption.
This shift explains the paradox: banks have improved defenses against the biggest heists, but criminals are compensating by increasing the sheer number of smaller-scale attacks.
Common ATM Fraud Attack Methods
ATMs are targeted in several different ways. Some of these methods have been around for years, while others use more advanced technology.
One of the most common tricks is cash trapping. Criminals block the dispenser so money never reaches the customer. When the customer leaves, thinking the machine failed, the cash is collected by the thief.
Another method is card trapping. A device inside the slot holds the customer’s card, while hidden cameras or fake keypads capture the PIN. With both the card and the PIN, attackers can later withdraw money from the account.
There is also transaction reversal fraud (TRF). In this case, the ATM pays out cash but records the withdrawal as canceled. The result is money leaving the machine without appearing in the bank’s system.
Some attacks are more technical. In relay attacks, criminals intercept the communication between the ATM and the bank’s servers, tricking the system into approving transactions that should not go through.
The most aggressive approach is jackpotting. Criminals install malware or special hardware inside the machine, forcing it to dispense its entire stock of cash in a matter of minutes.
Each method looks different, but they all create the same problems: lost money, downtime, and customers who lose confidence in the safety of their bank.
Why Reported ATM Fraud Losses Are Falling
When reported losses go down, it’s easy to assume that fraud is under control. In reality, a lot is happening behind the scenes. Stronger ATM hardware, better encryption, and round-the-clock monitoring all make it harder for thieves to pull off big hits.
But the drop in “losses on paper” hides some truths.
Costs are shifting, not disappearing. Banks now invest heavily in prevention, from software upgrades and staff training to replacing aging machines. Those aren’t usually counted in fraud-loss reports, but they chip away at margins.
Attack methods are evolving too. Fraudsters are trying smaller, repeated tricks. Each incident might cost less, but taken together, they wear down defenses.
Downtime and customer perception carry real weight. If an ATM is offline, even briefly, someone might go home empty-handed, or worse, lose faith in the bank. The reputational damage, customer frustration, and lost usage aren’t captured in financial statements.
Finally, higher compliance and regulation mandates force banks to make constant investments in security and reporting. These regulatory burdens reduce large payouts but add significant recurring costs.
Fraud doesn’t just drain money directly. It also contributes to downtime when machines are shut down for investigation or repair. And downtime itself is expensive: ITIC’s 2024 survey found that over 90% of mid-to-large firms now put the cost of one hour above $300,000.
So when losses appear smaller, it’s not that risks have vanished, just the costs have migrated to other areas.
Safeguard ATM Connectivity with
POND IoT
We understand how critical connectivity is for ATMs.Our turnkey LTE solution includes industrial routers, multi-network SIMs, and 24/7 support — everything you need to keep your ATMs secure and online.
ATM Security Trends for 2025
Here are some of the biggest developments we're seeing in ATM security, trends that operators can’t afford to ignore.
- New compliance & encryption rules take center stage
Starting January 1, 2025, PCI requires ATMs to support TR-31 key blocks — a stricter method for packaging cryptographic keys to prevent misuse.
Along with that comes TR-34 remote key loading (RKL), which allows secure remote updates of encryption keys without having to send a technician physically to the ATM.
If your machines don’t support these, they risk being disconnected from networks or losing transaction capability.
- AI & machine learning for smarter fraud detection
Many ATM operators are already testing or rolling out AI tools that detect anomalies, weird patterns or signals that suggest tampering or fraud. The idea is to respond faster than a human might.
For instance, systems that analyze transaction patterns, time of day, or repeated failure attempts can flag suspicious ATMs.
- Connectivity resilience becomes essential
With more fraud attempts and network-level attacks, ATMs need backup paths. Multi-carrier (Multi-IMSI) SIMs + VPN fallback are increasingly considered essential, not optional.
If the main connection fails or is compromised, machines must still stay online for monitoring, alerts, and even limited transactions.
- Legacy systems are under pressure to upgrade
A surprising number of ATMs still run outdated operating systems or hardware. That makes them ripe for exploitation.
In many markets, banks are migrating their fleets to newer OS versions (e.g. Windows 11 IoT) to maintain support, patching, and compatibility.
- Physical tampering & hybrid attacks rise
Attackers are combining digital and physical methods. Hardware tampering (skimming, port probing, forced entry) is becoming more frequent.
One example: security researcher Matt Burch exposed vulnerabilities in the Diebold Nixdorf Vynamic Security Suite that let attackers bypass drive encryption and take control of the ATM.
Because of this, security is not just about software, it’s about reinforced enclosures, sensors, surveillance, and tamper-detection.
Why Rising ATM Attacks Still Matter in 2025
Criminals aren’t stopping. They’re just changing how they work. Big single hits are less common. Now it’s smaller attacks, repeated often, that are harder to trace but still add up.
For banks, that makes life complicated. Losses on paper may look smaller, but costs don’t vanish. Money goes into prevention, compliance, and constant monitoring. Downtime still hurts.
And customers? They notice the basics. If an ATM is offline or feels unsafe, they walk away. Some go to another bank. Trust slips fast, and it’s tough to win back.
That’s why 2025 is all about resilience, keeping ATMs secure, connected, and running, even when attacks don’t look big in the reports.
How POND IoT Supports ATM Security
Security isn’t only about locks and cameras. ATMs depend on constant connectivity for transaction processing, monitoring, and fraud detection. If that connection fails, an operator loses visibility and control, and that’s when criminals gain an advantage.
POND IoT strengthens this layer with:
- Multi-Carrier (Multi-IMSI) SIMs that switch automatically to the best available network.
- Internet Failover that keeps ATMs online even during provider outages.
- LTE/5G over VPN to isolate sensitive transaction data from public networks.
- Scalable plans to support large ATM fleets across regions or countries.
By combining secure connectivity with built-in redundancy, POND IoT helps operators reduce downtime, protect customer trust, and stay ahead of evolving threats.