Submitted by Oberhur Feerica
A Growing Network in More Exposed Locations
Banks across Southeast Asia are forecast to close around 11,000 branches by 2030, approximately 18% of the current network. The industry’s response is a new generation of multi-function ATMs that can dispense cash, accept deposits, recycle banknotes between customers, and offer broader banking services. These are increasingly referred to as Super ATMs. Banks and independent ATM deployers are both investing in them. According to RBR research, Asia-Pacific saw the largest regional increase in independent ATM deployer installations globally, with nearly 11,000 new ATMs added, driven particularly by India and Indonesia.
The security challenge grows with the asset. A cash recycler that accepts deposits of higher denomination banknotes accumulates a significantly more valuable cash load than a basic dispense-only ATM. Super ATMs are also being deployed in new locations where customers demand the service, such as convenience locations that operate late into the night with limited security compared to bank branches. That combination of higher value and greater physical exposure creates exactly the conditions that organised criminals seek out
Two Threats, Not One
The industry faces two categories of attack on ATMs. Understanding both matters because they require different responses.
The first is jackpotting fraud, also called a cashout attack: criminals taking control of an ATM’s software to instruct it to dispense cash continuously, without a card or PIN, until the ATM is empty. One increasingly common method is the Direct Memory Access attack, in which criminals open the ATM’s top cabinet, connect to an internal port, and alter the ATM’s memory directly, bypassing antivirus software and all other operating system controls.
The method works across all ATM brands and models. According to the FBI, more than 700 jackpotting incidents were recorded in the USA in 2025 alone. Not every incident reaches law enforcement, so the true scale is almost certainly much higher.
The second category is the physical attack: ram raids, angle grinder attacks, and explosives. Criminals do not commit to one method. They look for the weakest point of any given target. In Europe, as physical safes have become stronger, explosive attacks have become more common. Criminals escalate until they find what works. A Super ATM deployment that hardens against one threat but not the other leaves an obvious opening
Software Layers and Their Limits
The ATM industry has developed serious softwarebased protection frameworks. The reality is that consistent application across an entire estate, particularly for smaller institutions and independent deployers, is not always achieved. The cash-out attack method is also specifically engineered to operate below the software layer: once a criminal has physical access to an internal port, software protections can be circumvented. Older ATMs may not support the firmware updates needed for protection.
Where software layers are incomplete or can be bypassed, a physical failsafe is needed. Oberthur Feerica has developed a device that physically monitors the ATM dispenser and detects when an abnormal cash-out is in progress.
When triggered, it shuts the dispenser down, cutting off the criminal before the ATM can be emptied. It is a last line of defence for cash-out attacks that the software layer did not catch.
Removing the Reward from Physical Attack
For physical attacks, the principle is different. EMV chip technology showed the industry how to deal with card fraud: not by catching every criminal, but by removing the value of what they were trying to steal. Once fraud became unprofitable, it stopped being worth attempting.
Intelligent Banknote Neutralisation Systems, known as IBNS, apply that same logic to physical ATM attacks. When an IBNS-protected ATM is attacked, the system permanently stains the banknotes inside. Stained notes are rejected by ATMs, cash-counting machines, and merchants. They cannot be spent or deposited. The attack may still occur, but the criminal leaves with nothing of value and will not return. Unlike bollards, enclosures, and locking bars, which delay an attacker and can make an ATM look unwelcoming, IBNS is invisible in normal operation and does not affect the customer experience in any way.
The technology is proven across Europe and the United States, and it operates within the frameworks of more than sixty central banks globally that have authorised the acceptance and reimbursement of stained banknotes.
For banks and independent deployers building Super ATM networks across Asia, the question is not whether to address security. It is whether the security strategy covers both threats. Criminals will find the weak point. By the time the first wave is visible, it has already begun, and it is far harder to stop than to prevent.
About the Author
Paul Nicholls is the Director of Business Development, Oberthur Feerica. With over 30 years in the ATM industry, Paul brings deep expertise in ATM security and self-service technology, and is a regular industry contributor and conference speaker.
