ATM jackpotting is no longer a niche threat. According to a February FBI advisory, 700 of the 1,900 attacks tracked since 2020 occurred last year, totaling more than $20 million in losses. Data from the ATM Industry Association through November 2025 show just how dominant the tactic has become: 72% of all reported ATM crime last year involved jackpotting or cash-out attacks, while physical attacks accounted for less than 10%.
What makes jackpotting different is that it bypasses the customer entirely. Banks often distinguish it from fraud tied to stolen personal information or drained customer accounts. Instead, attackers go after the machine itself. Using generic physical keys, they access an ATM’s hard drive, install malware such as the Ploutus family, and target the software layer that tells the machine what to do. If they can control the XFS layer, they can make the ATM dispense cash without a valid card, customer account, or bank authorization message.
The defense starts with accepting that this is a layered problem. Banks are still relying on traditional physical deterrents like cameras, alarms, and locks, but they are putting more energy into technical security and machine hardening. As one regional bank’s head of cash and ATM operations told ProSight, “The tricky part about it is not setting up the monitoring. It’s finding the needle in the haystack that’s the bad guy hacking the system.” His conclusion: “That’s why the industry promotes a layered defense.”
Basic tech hygiene is now part of ATM security. That includes updating ATM software regularly and adding the latest cybersecurity features from manufacturers as they become available. Or, as the same executive put it: “Don’t be the slowest gazelle.”
The FBI’s guidance is specific and operational. Its advisory recommends focusing on removable storage usage, controlled file access, and high-fidelity jackpotting detection with minimal system overhead. It also outlines more than two dozen hardening steps, including whitelisting devices and networks, configuring automatic shutdown conditions, and collaborating with industry groups.
Coordination still matters because enforcement is uneven. Whether DOJ prosecutes jackpotting federally can depend on where the ATM sits and who is involved. That unevenness has helped drive support for the Safe Access to Cash Act, which would extend the same federal protections to non-bank ATMs that bank-owned machines already have.
For banks, the takeaway is straightforward: jackpotting is no longer just a physical ATM problem. It is a monitoring, software, malware, and coordination problem, too.
