Banking, Security

What Is ATM Jackpotting, and Could It Happen to Your Bank?

Posted on by Darla Liebl
person inserting card into atm
07
Aug

Criminals aren’t just after customer data anymore. Increasingly, they’re back to targeting the machines themselves. ATM jackpotting—a cyber-physical attack that forces an ATM to dispense all its cash—is on the rise, and community banks are squarely in the crosshairs.

While many banks are familiar with digital fraud or card skimming, jackpotting represents a more sophisticated and direct threat to physical cash assets. Unlike traditional fraud schemes that compromise personal data or payment credentials, ATM jackpotting focuses on the machine itself, bypassing software security and accessing the hardware in ways that standard protections often don’t catch in time.

What Is ATM Jackpotting?

ATM jackpotting is the act of manipulating an ATM—both physically and digitally—to trick it into dispensing large amounts of cash on command. The term comes from the image of an ATM “spitting out” cash like a slot machine jackpot. But unlike gambling, the odds are unfortunately stacked in the attacker’s favor if a bank isn’t properly protected.

Jackpotting attacks often involve breaching the ATM cabinet to access internal components. Once inside, attackers install malicious software or connect a black box device that overrides normal operations. This allows them to withdraw the entire cash reserve in a matter of minutes—sometimes over $100,000 from a single machine.

This method differs from card skimming or digital fraud in one major way: the attackers aren’t stealing customer credentials or draining individual accounts. They’re stealing directly from the bank, putting physical assets and reputation at serious risk.

Why ATM Jackpotting Is on the Rise

In April 2025, the Community Bankers Association of Kansas issued an urgent alert after multiple jackpotting attacks hit ATMs in Salina and Wichita. These were not “smash-and-grab” crimes. Criminals used highly specialized tools to:

  • Access ATM cabinets undetected
  • Disconnect legitimate cash dispenser hardware
  • Install black box devices preloaded with jackpotting software

The incidents occurred late at night, targeting stand-alone ATMs in less-monitored areas. While surveillance and alarm systems may have been in place, the response window was too short to prevent the theft.

These events underscore an uncomfortable truth: ATM jackpotting isn’t theoretical or limited to major metro areas. It’s happening now—in community banks, in smaller cities, and in places that might have once seemed too “under the radar” to worry.

How Does ATM Jackpotting Work?

While each method may vary, most jackpotting attacks follow a similar pattern:

  1. Physical Access: The attacker uses tools to open the ATM cabinet, often disabling or bypassing tamper alarms.
  2. Hardware Manipulation: They disconnect the cash dispenser from the ATM’s legitimate controller.
  3. Black Box Connection: A rogue device is connected to the dispenser. This black box communicates directly with the hardware, bypassing software protections.
  4. Cash Dispensing: With the system overridden, the attacker commands the machine to dispense cash continuously. The entire process can take less than 10 minutes.

In some cases, attackers disguise themselves as technicians or security personnel to avoid suspicion during business hours.

Signs Your ATMs Could Be Vulnerable

Not all machines are equally at risk. Here are some indicators that your ATMs might be more susceptible to ATM jackpotting:

  • Outdated ATM Operating Systems: Machines running unsupported systems (e.g., Windows 7) lack critical security patches. Here’s why that’s a problem.
  • Lack of Tamper Detection: No physical alarms, intrusion sensors, or locking mechanisms to prevent unauthorized cabinet access.
  • Minimal Monitoring: Stand-alone or drive-up ATMs that aren’t actively monitored through video, telemetry, or third-party tools.
  • Irregular IT and Physical Inspections: No routine checks for firmware updates, physical damage, or suspicious behavior logs.

How to Protect Your Bank from ATM Jackpotting

Community banks don’t need to overhaul their ATM infrastructure overnight, but layered defenses are essential. Here’s how to reduce your risk:

1. Update Software and Firmware Regularly

Ensure that your ATM operating systems are supported and patched. Older versions like Windows 7 or XP should be upgraded immediately or isolated from networks.

2. Deploy Advanced Monitoring and Detection Tools

Modern ATM security tools can detect abnormal behavior such as unusual reboot patterns, unauthorized USB connections, or deviations from typical transaction volumes.

3. Strengthen Physical Security

Upgrade locks, add tamper sensors, and improve lighting and surveillance coverage. Schedule routine physical inspections, especially at off-site or drive-up locations.

4. Train Employees on Recognition and Escalation

Frontline employees should be trained to identify suspicious behavior—such as individuals accessing ATM cabinets without notice—or physical signs of tampering.

5. Establish Incident Response Procedures

Have a clear plan for responding to ATM security incidents, including immediate shutoff protocols, forensic data collection, and law enforcement coordination.

6. Engage ATM Vendors and IT Partners

Consult your ATM providers about anti-jackpotting features. Vendors often offer specific hardware or software add-ons to address this exact threat.

Could This Really Happen to Your Bank?

Yes, especially if:

  • You operate drive-up or stand-alone ATMs without 24/7 monitoring
  • Your ATM OS is outdated or lacks anti-malware protections
  • You’ve never tested a physical breach scenario or response plan
  • Staff aren’t trained to recognize social engineering or tampering tactics

Community banks often serve as trusted anchors in their neighborhoods. But that trust can be quickly eroded by a successful ATM jackpotting attack—especially if customers learn that basic protections weren’t in place.

Protect Your Physical and Digital Assets with RESULTS Technology

ATM jackpotting is no longer reserved for international crime rings or big city heists. It’s local. It’s sophisticated. And without proactive steps, it’s a real risk for community banks—especially those without modern IT compliance and physical security strategies.

Now is the time to review your machines, revisit your controls, and train your team. And if needed, bring in expert support to strengthen your defenses before attackers find a weakness.

Learn how RESULTS Technology helps protect your ATM fleet and reduce jackpotting risk.

Darla Liebl

Darla Liebl is the Marketing Director at RESULTS Technology, where she leads strategy and content development to support community banks, credit unions, and financial services firms with compliance-focused IT solutions. With over a decade of experience in B2B marketing and a passion for cybersecurity and business growth, Darla creates educational content that helps small businesses make informed technology decisions. Her work focuses on translating complex IT topics into clear, actionable insights that resonate with both technical and non-technical audiences.