ATM Fraud Detection Case Study: How a Major FI in Africa Improved Early Warning Fraud Detection

In late 2016, one of the largest financial institutions in Africa found themselves the target of a sophisticated, highly coordinated ATM fraud attack. 100 people had used forged credit cards to withdraw $19M from 1400 ATMs in one city in under 3 hours. With over 8,000+ ATMs and 40,000+ POS devices in operation across the African continent, delivering an exceptional customer experience required the financial institution to remain on the forefront of early warning fraud detection and to gain immediate visibility into these attacks and ensure self-serve banking channels are running as expected, 24-7.


One of the key challenges this financial institution faced was a lack of end-to-end visibility into payments applications and the millions of transactions they processed every month. They were vulnerable to network blind spots that criminals were out to exploit. In this specific case, ATM transactions originating from foreign terminals were being approved within the financial institution’s payments environment – without actually making it to the back-end host authorization. This was due to a man-in-the-middle type of malware sitting on their payments switch.

Faced with increasingly sophisticated fraud techniques and information security risks, the group needed to implement a reliable, early-warning system to alert them immediately of any potential fraudulent transactions and minimize customer impact by:

  • Identifying ‘fake’ processing due to switch malware and card compromise
  • Isolating terminals used in a coordinated attack
  • Knowing when a concentration of transactions were occurring on a particular terminal or area
  • Picking up on an unusually high number of unexpected fall-back transactions
  • Creating visibility into implausible transacting scenarios (multiple devices / countries in a limited period)

ATM Fraud Detection Solution

Following this front-end attack, payment solutions expert Stanchion was consulted to architect and implement a first line of defence against fraud at the financial institution’s ATMs. Stanchion proposed a sophisticated solution that combined their proprietary skills and services with INETCO Insight® real-time transaction monitoring and data streaming software.

Some of the alerts that the financial institution set up to combat fraud, included:

  • X number of international transactions within Y hours
  • X or more bank cards carrying out withdrawals on the same foreign terminal within Y minutes
  • X number of consecutive magnetic stripe transactions (instead of chip) from a specific ATM
  • Missing back-end transactions and unexpected stand-ins (cash withdrawal observed on an ISO link with no matching DB transaction)
  • X number of transactions by international cards in the last Y hours

INETCO Insight now makes it easy for the financial institution to profile transactions from end-to-end, without the use of heavy agents, extra traffic loads or code changes. Open access to this rich transactional intelligence consistently helps the group quickly isolate potentially fraudulent transactions and prevent processing.


Stanchion and INETCO Insight have strengthened the financial institution’s ability to detect and defuse front-end hackers, man-in-the-middle attacks and coordinated global attacks. They have helped this financial institution to:

  • Immediately detect suspicious transactions and card usage patterns, such as large values or high-velocity transaction volumes occurring at a specific ATM 
  • Isolate and investigate transaction performance anomalies across the entire, end-to-end environment 
  • Protect the ATM terminals, network blind spots and back-end payments systems that criminals are out to exploit