Security Update: Transaction Reversal Fraud – UK Edition

Read the whitepaper titled, “INETCO Insight – Machine Learning and Risk Scoring for Real-time Payment Fraud Detection and Prevention.”

On November 21st, NCR issued a security alert for a new form of Transaction Reversal Fraud (TRF) occurring in the UK, typically between 10 PM and midnight on any given day.

Contrary to previously reported TRF attacks in which cash is pried from the dispenser after a payment reversal is initiated due to the jamming of the card reader, this new method does not require any interaction with the card reader or the use of modified cards. Instead, the fraudster manipulates the cash dispenser to activate a fault, which is subsequently reversed by the transaction host. The fraudster is then able to withdraw cash without the corresponding account being debited.

NCR has reported that fraudsters in the UK are using multiple different cards to execute the attack, with Bank Identification Numbers (BINs) corresponding to issuers in Russia and Ukraine.

Transaction Reversal Fraud is becoming increasingly common, with the European Association for Secure Transactions (EAST) recently reporting that TRF is up 135%, with total losses reaching 3.2 million euro in the first six months of 2019. Unlike logical ATM attacks, TRF is a sophisticated attack involving a sequence of events at the ATM that generates multiple error codes, an unnecessary payment reversal and the removal of cash from the dispenser. These attacks can be tricky to isolate and detect before financial losses occur, especially if changes to the ATM host applications are required.

While it is impossible to prevent fraudsters from attempting Transaction Reversal Fraud, with real-time access to the right data, you can gain the precise information needed to immediately detect TRF and protect (or even shut down) targeted ATMs within seconds. When selecting a fraud detection and prevention solution, such as INETCO Insight, it is important that the solution have the ability to ensure that every payment transaction is independently captured, every message field is fully decoded and every transaction link is correlated. Not only should the solution capture transaction data, it must marry transactions to hardware events and errors in real-time, thereby identifying TRF and helping take appropriate action.

Screenshot 1: Use INETCO Insight’s rules-based alerts engine to marry transaction reversals with ATM device sensor errors in real-time.

For example, if an ATM device code error occurs and the ATM subsequently reverses the transaction, a customizable rules-based alert can trigger a workflow to shut down the targeted ATM within seconds.

Screenshot 2: Profile each individual transaction in real-time to immediately research ATM device error codes and reversal transactions, especially those that exceed specified withdrawal amounts or volume/velocity thresholds. Quickly detect Transaction Reversal Fraud attacks and shut down ATMs in seconds.
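The correlation rule described above (a device error followed by a reversal at the same ATM, plus a velocity threshold) can be sketched as follows. This is an added example, not INETCO Insight code or configuration; the event layout, the window lengths and the shutdown limit are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample feed (not real data): (timestamp, ATM id, kind, txn id, card BIN).
# Assumes host messages and device sensor events are already merged into one stream.
EVENTS = [
    ("2019-11-21T22:05:10", "ATM-001", "withdrawal",   "t1", "400000"),
    ("2019-11-21T22:05:40", "ATM-001", "device_error", None, None),
    ("2019-11-21T22:05:55", "ATM-001", "reversal",     "t1", "400000"),
    ("2019-11-21T22:12:00", "ATM-001", "withdrawal",   "t2", "410000"),
    ("2019-11-21T22:12:25", "ATM-001", "device_error", None, None),
    ("2019-11-21T22:12:40", "ATM-001", "reversal",     "t2", "410000"),
    ("2019-11-21T22:20:00", "ATM-002", "withdrawal",   "t3", "420000"),
    ("2019-11-21T22:20:30", "ATM-002", "reversal",     "t3", "420000"),  # no fault
    ("2019-11-21T21:00:00", "ATM-003", "device_error", None, None),
    ("2019-11-21T22:30:00", "ATM-003", "reversal",     "t4", "430000"),  # stale fault
]

CORRELATION_WINDOW = timedelta(seconds=90)  # assumed max gap between fault and reversal
VELOCITY_WINDOW = timedelta(minutes=30)     # assumed look-back for repeated hits
VELOCITY_LIMIT = 2                          # assumed hits per ATM before shutdown

def detect_trf(events):
    """Return (alerts, atms_to_shut_down) for fault-then-reversal sequences."""
    last_fault = {}            # ATM id -> time of most recent unmatched device error
    hits = defaultdict(deque)  # ATM id -> times of correlated reversals
    alerts, shutdown = [], []
    for ts_raw, atm, kind, txn, card_bin in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(ts_raw)
        if kind == "device_error":
            last_fault[atm] = ts
        elif kind == "reversal":
            fault_ts = last_fault.pop(atm, None)
            if fault_ts is None or ts - fault_ts > CORRELATION_WINDOW:
                continue       # reversal with no recent hardware fault: other cause
            alerts.append({"atm": atm, "txn": txn, "bin": card_bin, "ts": ts_raw})
            hits[atm].append(ts)
            while ts - hits[atm][0] > VELOCITY_WINDOW:
                hits[atm].popleft()   # drop hits older than the velocity window
            if len(hits[atm]) >= VELOCITY_LIMIT and atm not in shutdown:
                shutdown.append(atm)
    return alerts, shutdown

if __name__ == "__main__":
    for alert in detect_trf(EVENTS)[0]:
        print("TRF alert:", alert)
```

On the sample feed, both ATM-001 reversals are flagged and the ATM is marked for shutdown, while the ATM-002 reversal (no device error) and the ATM-003 reversal (fault outside the correlation window) are ignored.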

If you would like to learn more about how INETCO can help detect and protect against TRF, schedule your demo today or send us an email at .