ATM Fraud Prevention: The Complete Guide
Everything you need to know about ATM fraud: skimming, shimming, card trapping, jackpotting, and how to protect yourself — for consumers and operators.
Last Updated: February 2026
Disclaimer: This article is for educational purposes only. If you suspect you are a victim of fraud, contact your bank and local law enforcement immediately. Do not attempt to investigate tampering yourself.
Quick Definition: ATM fraud is any criminal scheme that exploits an ATM — or a cardholder's interaction with one — to steal card data, PINs, cash, or all three. It ranges from physical devices attached to machines to sophisticated software attacks on ATM networks.
What Is ATM Fraud?
ATM fraud is not a single crime — it is a category of fraud that encompasses physical hardware attacks, digital intrusions, social engineering, and cash-in-transit crimes. What unites them is the ATM as the point of attack.
For consumers, ATM fraud most often means discovering unauthorised withdrawals from their account after unknowingly using a compromised machine. For banks and ATM operators, it means reputational damage, regulatory scrutiny, financial liability, and the operational cost of responding to incidents.
Understanding the landscape — even at a high level — is the first step to protecting yourself or your fleet.
The ATM Threat Landscape
Card Skimming
Card skimming is the most prevalent form of ATM fraud. A criminal places a device — a skimmer — over or inside the card entry slot. When you insert your card, the skimmer reads and records your magnetic stripe data. A separate component (often a miniature camera or a PIN pad overlay) captures your PIN. With both pieces of data, a duplicate card can be created and used at other ATMs or POS terminals.
Why it persists: Skimming equipment is commercially available through illicit markets. A basic skimming setup can pay for itself within hours on a busy ATM. Modern skimmers are increasingly thin and difficult to spot by eye.
Who is most at risk: Consumers using ATMs in low-surveillance environments — independent ATMs in petrol stations, convenience stores, and tourist areas carry higher statistical risk than bank branch ATMs in surveilled lobbies.
Shimming
Shimming is a refinement of skimming targeting EMV chip-enabled cards. A shim is a paper-thin device inserted deep inside the card reader slot. When you insert your chip card, the shim sits between your card and the reader, intercepting the communication.
Shimming cannot capture the dynamic transaction codes that EMV produces — but it can capture enough data to create a fallback magnetic stripe copy, which may be used fraudulently in environments that still accept magstripe transactions.
The key distinction: Skimmers attach to the outside of the card reader. Shimmers sit inside it, making them nearly impossible to detect through a visual inspection of the machine's exterior.
Card Trapping
Card trapping does not steal your data — it steals your physical card. A device is inserted into the card slot that prevents your card from being returned after the transaction. The criminal waits nearby, retrieves the card once you leave (often after being distracted or advised to call a "helpline" by a nearby accomplice), and uses it immediately.
The distraction element: Card trapping often involves a "helpful" stranger who suggests you re-enter your PIN or call a number — while an accomplice observes. Do not accept unsolicited help at an ATM.
Cash Trapping
Rather than targeting card data, cash trapping involves a device placed in or around the ATM's cash dispenser that holds the notes when they are dispensed. The ATM completes the transaction (your account is debited), but the cash does not come out. The criminal returns later to retrieve the trapped cash.
ATM Jackpotting (Logical Attacks)
Jackpotting refers to logical (software or hardware-based) attacks that force an ATM to dispense cash directly, without a legitimate transaction. These are primarily threats for ATM operators and networks, not individual consumers.
At a high level, these attacks require direct physical access to the ATM's internals or network connection. They do not involve stealing card data — the target is the cash in the ATM itself.
Why this matters to consumers: Jackpotting attacks are typically aimed at ATMs in isolated locations, and successful attacks may result in machines being taken offline — limiting your access to cash.
PIN Capture
Beyond shimming and skimming, criminals capture PINs through:
- Miniature cameras hidden in false fascias above the keypad, in flyer racks, or in the lighting surrounds
- PIN pad overlays placed over the genuine keypad — these feel slightly raised or spongy compared to the original
- Shoulder surfing — an accomplice observing your PIN entry in person
Your card data without your PIN is significantly less useful. Protecting your PIN is your strongest individual defence.
Common Myths About ATM Fraud
| Myth | Reality |
|---|---|
| "EMV chip cards are completely immune to skimming." | EMV reduces card-present fraud significantly, but shimming and fallback transactions remain risks in some environments. |
| "ATMs at my bank branch are always safe." | Bank branch ATMs are lower risk due to surveillance and frequent inspection — but no ATM is completely immune. |
| "I'll always notice if something is attached to the ATM." | Modern skimming devices are thin enough to be almost invisible. Physical tampering is not always obvious. |
| "Criminals only target busy ATMs." | High-volume ATMs generate more data, but isolated ATMs are targeted for their lower surveillance and inspection frequency. |
| "If money leaves my account from an ATM, the bank must refund it instantly." | Liability and refund rules vary by country, bank, and circumstances. Prompt reporting significantly improves outcomes. |
| "Contactless means I never need to insert my card — so I'm safe." | Most ATM cash withdrawals still require card insertion. Contactless ATM withdrawal rollout is limited and not universal. |
Warning Signs at the ATM — Check Before You Insert Your Card
A 30-second check before you use an ATM can prevent fraud. Look and feel for:
On the card slot:
- Unusual thickness or protrusion around the card entry point
- Parts that wiggle, wobble, or feel loose when you push or tug gently
- Scratches, residue, or adhesive marks around the slot edges
- A slot that feels unusually resistant when inserting your card
- A card reader that looks a different colour or material to the rest of the machine
On the PIN pad:
- A keypad that seems higher than normal, springy, or slightly off-centre
- A frame around the keypad that doesn't match the machine's design
- Anything attached to or resting above the keypad
Around the machine:
- Suspicious fixtures above the screen or keypad (false lighting, brochure holders with small holes)
- A machine that has been visibly moved or disturbed
- Anyone loitering near the machine who is not queuing to use it
If anything seems wrong:
- Do not insert your card
- Do not touch, move, or remove anything you suspect
- Move away from the machine
- Report it to the ATM operator (their number is usually on the machine) and your bank
- Note the location, ATM ID number (usually printed on the machine fascia), and time
Safe ATM Usage: A Consumer Checklist
- ✅ Use ATMs in well-lit, surveilled locations — bank lobbies, building lobbies, busy streets
- ✅ Perform a 30-second visual and physical check before inserting your card
- ✅ Always cover the keypad with your hand when entering your PIN — even if no one is visible
- ✅ Be suspicious of anyone who approaches you or "helps" you at an ATM
- ✅ If your card is not returned, do not re-enter your PIN — call your bank immediately
- ✅ Check your bank statements at least weekly — set up transaction alerts on your account
- ✅ Use your bank's official ATMs where possible; be more cautious at independent ATMs
- ✅ If you must use a public ATM, prefer ones you have used before without incident
- ✅ Don't use ATMs that appear to have been damaged or have out-of-order parts still accessible
- ✅ Enable transaction notifications on your banking app — real-time alerts are your fastest warning
For ATM Operators and Security Teams
If you manage an ATM fleet or a single machine, your responsibilities extend well beyond the consumer checklist.
Physical security:
- Implement anti-skimming hardware on all card reader slots — solutions include jamming devices that disrupt skimmer data capture and active card reader protection overlays
- Use tamper-evident seals on all accessible panels and door junctions
- Conduct documented, regular physical inspections (minimum twice daily on high-volume machines)
- Rotate inspection personnel and use inspection checklists to ensure consistency
Monitoring and detection:
- Deploy card reader monitoring systems that detect anomalous resistance, electrical characteristics, or physical displacement in real time
- Integrate CCTV coverage with incident management workflows — ensure footage is retained for the minimum period required by your fraud investigation policy
- Use transaction pattern monitoring to flag unusual withdrawal sequences or velocities that may indicate card data is being used from your machines
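The transaction-velocity monitoring in the last bullet, sketched as an added example (not from the original article or any vendor's product). It flags an ATM when many distinct cards withdraw within a short window and most reads are magstripe fallback, the pattern cloned chip-card data tends to produce. The log format, field names, and thresholds are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, ATM ID, card token, entry mode, amount.
# Cards appear as tokens, never PANs; "fallback" = chip card read by magstripe.
SAMPLE_LOG = """\
2026-02-03T09:02:11,ATM-0001,tok_a1,chip,100
2026-02-03T09:40:52,ATM-0001,tok_b2,chip,60
2026-02-03T23:01:05,ATM-0002,tok_c3,fallback,300
2026-02-03T23:02:10,ATM-0002,tok_d4,fallback,300
2026-02-03T23:03:31,ATM-0002,tok_e5,fallback,300
2026-02-03T23:04:47,ATM-0002,tok_f6,chip,40
2026-02-03T23:05:02,ATM-0002,tok_g7,fallback,300
2026-02-03T23:40:00,ATM-0002,tok_h8,chip,20
"""

WINDOW = timedelta(minutes=10)   # assumed sliding window per ATM
MIN_CARDS = 4                    # assumed distinct-card threshold
MIN_FALLBACK_RATIO = 0.5         # assumed minimum share of fallback reads

def parse(log_text):
    """Yield (timestamp, atm_id, card_token, entry_mode, amount) tuples."""
    for line in log_text.strip().splitlines():
        ts, atm, card, mode, amount = line.split(",")
        yield datetime.fromisoformat(ts), atm, card, mode, int(amount)

def flag_velocity(log_text):
    """Return the first alert per ATM where a burst of distinct cards is mostly fallback."""
    windows = defaultdict(deque)   # per-ATM sliding window of recent withdrawals
    alerts = {}
    for ts, atm, card, mode, _amount in sorted(parse(log_text)):
        win = windows[atm]
        win.append((ts, card, mode))
        while ts - win[0][0] > WINDOW:      # drop events older than the window
            win.popleft()
        cards = {c for _, c, _ in win}
        fallback = sum(m == "fallback" for _, _, m in win) / len(win)
        if len(cards) >= MIN_CARDS and fallback >= MIN_FALLBACK_RATIO:
            alerts.setdefault(atm, {
                "window_start": win[0][0],
                "alert_at": ts,
                "distinct_cards": len(cards),
                "fallback_ratio": round(fallback, 2),
            })
    return alerts
```

Thresholds need tuning against each machine's normal traffic; a busy branch ATM can legitimately see several cards in ten minutes, which is why the fallback share gates the alert.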
Network and software security:
- Ensure ATM operating systems are patched and supported — legacy OS environments are a known jackpotting vector
- Segment ATM network traffic from general corporate networks
- Implement application whitelisting where supported by your ATM vendor
- Work with your ATM vendor on XFS layer security and logical attack mitigations
Incident response:
- Maintain a documented ATM incident response procedure (see also: ATM Operator Security Checklist)
- Establish clear escalation paths to law enforcement and your card network
- Know your card scheme's fraud notification obligations and timeframes
What Criminals Try (High-Level) and How to Disrupt It
| Criminal Approach | Disruption Strategy |
|---|---|
| Attaching skimming hardware to card slot | Anti-skimming hardware on readers; frequent physical inspections; CCTV monitoring |
| Inserting shimming device into card reader | Active card reader monitoring; alert system for unusual insertion resistance |
| Observing PIN entry | Always cover the keypad; awareness campaigns for consumers |
| Card trapping to steal the physical card | Clear signage: "Never accept help from strangers at this ATM"; report any card retention immediately |
| Logical attacks on ATM software | OS patching; application whitelisting; network segmentation; vendor security guidance |
| Targeting isolated machines | Prioritise anti-skimming deployment on lower-surveillance locations; increase inspection frequency |
If You Suspect You've Been Victimised — What to Do Now
- Check your bank statement or app immediately. Look for any transaction you don't recognise, especially small "test" withdrawals as well as larger ones.
- Call your bank's fraud line. The number is on the back of your card. Report the suspected fraud and ask for your card to be frozen or replaced.
- File a report. In the UK: Action Fraud (0300 123 2040). In the US: FTC at reportfraud.ftc.gov. In the EU: your national financial supervisory authority or local police. Your bank may require a crime reference number.
- Note the details. Which ATM, what date and time, what you noticed (if anything), and the ATM's ID number. This helps investigators.
- Change your PIN on any replacement card before first use. Do not reuse the compromised PIN.
- Monitor your account daily for at least 60 days — card data from skimmers is often sold and used weeks or months after capture.
- Check for other accounts. If criminals have your card data, they may attempt to access linked accounts or use the information for identity theft.
Frequently Asked Questions
Q: Can a skimmer steal my contactless card data without touching my card?
A: In theory, contactless cards transmit a small amount of data — but what they transmit is tokenised and limited. Practical attacks on contactless cards in the wild (without card insertion) are extremely rare. The more significant risk remains physical skimming at ATMs that require card insertion.
Q: Does covering my PIN actually make a difference?
A: Yes — significantly. Card data alone is far less useful without a PIN for ATM fraud. Criminals specifically need both. Covering the keypad, even when you cannot see a camera, defeats this combination.
Q: How quickly should I report suspected fraud?
A: Immediately. Most banks require you to report fraud "within a reasonable time" — and many will apply reduced liability protections only if you report promptly. Same day is always better.
Q: Will my bank refund money stolen through ATM skimming?
A: In most cases, yes — particularly if you report promptly and have not been negligent with your PIN. Exact liability rules vary by country and bank. In the EU, strong consumer protection rules apply to unauthorised payment transactions. In the US, Regulation E applies to debit card transactions. Ask your bank for details.
Q: Are ATMs in tourist areas riskier?
A: High-traffic tourist ATMs attract skimmer installations due to volume of transactions and potentially less frequent inspections. Exercise more caution and use the physical checks described above.
Q: What's the difference between skimming and shimming?
A: Skimming devices attach to the outside of the card reader and target magnetic stripe data. Shimmers sit inside the card reader and intercept communication with chip cards.
Q: I found what I think is a skimmer on an ATM. What should I do?
A: Do not touch or remove it — this preserves evidence and keeps you safe. Move away, note the ATM location and ID, and call the ATM operator (number on the machine) and local police. Do not use the machine.
Q: How can an ATM operator know if their machines have been tampered with overnight?
A: A combination of morning physical inspection using a documented checklist, CCTV review of the overnight period, and electronic card reader monitoring systems provides the most comprehensive coverage. Anti-skimming solutions that actively monitor reader integrity provide real-time alerts.
Additional Resources
- How to Spot a Card Skimmer on an ATM: 10 Warning Signs — How to Spot a Card Skimmer on an ATM
- ATM Shimming Explained: What It Is and How to Protect Yourself — What Is ATM Shimming?
- Safe ATM Usage: 15 Habits That Protect Your Card and PIN — Safe ATM Usage: 15 Habits
- ATM Operator Security Checklist: Daily Inspection and Incident Response — ATM Security Inspection Guide for Operators
- ATM Operator Security Checklist: Daily Inspection and Incident Response — ATM Operator Security Checklist (Support Page)
- A–Z Glossary of Payment Fraud and Security Terms — Fraud & Security Glossary
- Anti-Skimming Solutions — ATM Fortify Anti-Skimming Solutions
For ATM Operators and Banks
Is your ATM fleet protected against physical attacks?
ATM Fortify provides anti-skimming hardware, monitoring systems, and security assessments for ATM operators across 30+ countries.
For emergencies, contact your bank immediately and call local law enforcement. This article is for educational purposes and does not constitute security, legal, or financial advice.