ATM Machine

The introduction of Automatic Teller Machines (ATMs) has dramatically changed the face of banking, offering customers a wider range of services that are not reliant on strict banking hours of operation. Unfortunately, the ATM is an attractive target for criminal attack due to the cash held within the safe compartment of the machine. Many techniques of attacking the machines have been tried, with varying levels of success.

A study into physical attacks on ATMs worldwide between 2005 and 2010 aimed to provide tangible statistics for use by security departments of major financial institutions.  Ram raiding was identified as the most commonly attempted method of attack with the highest rate of success.

Australian Attacks

In Queensland, Tasmania and New South Wales in 2008 and 2009 especially, there were numerous physical attacks on ATMs, in particular involving explosives and gas. Gangs of attackers cut, rammed, blew apart and removed ATMs to get to the cash held within. Financial institutions and third-party ATM providers have increased their efforts to protect their machines, with some employing devices such as CCTV surveillance, gas suppression units, cash dye, and target-hardening methods such as bollards, chain guards, anchors and anti-ramming plinths to prevent machines against physical attack. However these measures come at an expense and are impractical for use on every machine, leaving non-protected machines vulnerable to attack. The security strategies currently deployed on ATMs varies greatly between the big four banks, third-party providers, and other financial institutions. However, the sheer number of ATMs available means attackers have their choice of alternative targets if one appears unsuitable or too heavily protected.

ATM Attack Methods

Physical ATM attacks fall into three categories:

Explosive Attacks – Offenders either attach explosives to the machine, or insert gas into the machine and detonate it, forcing the cash door open and exposing cash.

Cutting – Criminals attempt to steal cash by physically penetrating the ATM and the safe using mechanical tools such as saws, grinders and torches to open the safe door or make an opening in the safe walls.

Ram Raid/Removal – Criminals attempt to remove the ATM from its location, often by tying a chain to it and detaching it with a truck or other large vehicle.

Attack Success Rates

From 108 ATM attacks analysed in the study, the overall rate of success was exactly 50%, indicating that a reasonable offender has a 50:50 chance of success when attacking an ATM regardless of variables such as the method of attack used, the type of machine attacked, the location of that particular machine and the number of offenders involved. Forty-two per cent of attacks were found to be unsuccessful and the success
of just 7.5% of attacks was not known.
A successful attack is recorded when cash has been reported as being removed from the machine. An unsuccessful attack is when cash was not removed from the machine or when the offenders were reported as having been apprehended at the time of the attack. The results of the study are displayed in the table below.

Ram Raiding

Ram raiding was the most successful method of attack and also the most frequently attempted attack, accounting for 45.4% of the attacks included in the study. One possible reason for this is the simplicity of the method, as no special tools or exceptional knowledge are required to attempt a ram raid. Cutting and explosive attacks on the other hand require tools and an understanding of gas or explosives use to be attempted, or indeed successful.

Machine Location And Type

In addition to highlighting the exposure of ATMs to ram raid attacks, the study shows that ATM attacks are more successful at stand-alone machines than branch locations. Over 60% of all attacks took place at stand-alone ATMs. It was found that 36.1% of attacks were at branch locations and the location of 2.7% was unknown, clearly identifying stand-alone ATMs as being at higher risk of attack.

Also proving an influence on the method of attack and success rate is the model of ATM Lobby machines reported the highest rate of attack at 36.1%, with a smaller 25.9% taking place at through-the-wall locations as shown in the table above.

One obvious explanation for the preference of lobby machines, particularly with ram raiding, is that they stand alone from any masonry or permanent structure, making them easier to dislodge from their base with force. Explosive attacks likewise benefit from the stand-alone nature of lobby machines. Cutting attacks on the other hand benefit from the privacy of bunkers and ATM rooms in not having to perform the attack out on the street. A large portion of attacks (38%) did not identify the type of machine so the conclusion that lobby machines are more vulnerable could be further validated, or disproven if the missing information were established.


The ATM will always be an attractive target for criminal attack, resulting in financial loss, unavailability of machines and often damage to surrounding areas including shops, footpaths and shopping centres.
Ram raiding of ATMs has been clearly identified as the modus operandi offering the highest possibility of success to the attacker and as presenting the most significant vulnerability to financial institutions and third party ATM providers. The role of the security professional in this field is therefore to reduce the level of risk faced by machines, particularly lobby machines, in stand-alone locations. Target-hardening methods, increased CCTV surveillance, and other devices that mitigate attack attempts are useful tools, however only they make up part of the equation. Financial institutions must carefully consider proposed locations before the machine is even installed and be prepared to walk away if the location does not offer safeguards such as natural barriers, clear lines of sight and good lighting. In addition to these CPTED (Crime Prevention though Environmental Design) safeguards, the four basic security principles of deterring, detecting, delaying and responding to and monitoring attacks must also form the basis of ATM placement to effectively reduce the risks.

Although ram raiding has proven the most common and successful method of attack, explosive and cutting attacks are continuing across Australia. New methods of attack will emerge in time and banks, financial institutions and third-party ATM providers must be proactive in their security methodologies to effectively reduce attacks on ATMs.

Rachell Deluca
Rachell DeLuca is a Senior ICT Consultant at Umow Lai, Melbourne, specialising in security. She has over 13 years’ experience in the security industry, with several years spent working with ATMs at one of Australia’s big four banks. For more information Rachell can be contacted at rachell.