Facts on ATM Camera Security
by Kitsune
Here are some facts to clear up the many misconceptions on cameras at Automatic Teller Machines (ATMs).
Myth: Every ATM has a camera, as required by law.
Fact: There are no national (U.S., Canada, Mexico, Japan, Australia, New Zealand, to name a few that I can confirm) or banking industry laws on requiring video or film.
There are some local laws (or laws in other countries) that have been implemented, but they are typically only for personal security in a vestibule.
Remember, the banking industry is cheap; they do not put in any more than they need. They are also unregulated - they can do anything they want with the cameras. There are no "camera police" to decide what is "allowed."
Their biggest loss is in fraud, and this is the only reason for them putting cameras in, not your personal security. If there is a vestibule with cameras in it, these are for security.
Myth: Every ATM has a camera, even if you cannot see it.
Fact: If there is a camera, you can see it. If the plastic is too dark for you to see through, the same is true for the camera.
Fish eye adapters (not lenses, but screw on adapter glass for the existing lens, which is typically an auto-iris type) cost bucks, as much as the camera in some instances. Pinhole lenses are even more expensive and the image sucks. They do not use them in ATMs. Period.
A one-way mirror (like manager's office type) is too dark, so it is not used. Instead they use a Mylar film. You can see through just as well as the camera, if there isn't too much reflected light on your side.
Myth: The camera can see me entering my PIN.
Fact: The banks couldn't care less if they see your hands entering the PIN - they want to see your face.
Myth: The camera can see me, and identify me and/or my car.
Fact: To get the best image of the user, the lens is picked and adjusted to make your face fill the screen when you use the ATM. This means setting the focal length/focus to around 20 inches. You cannot be identified at 20 feet with this setting, as either your face/license plate is too small, or it is out of focus.
Myth: Someone, someplace is watching that camera.
Fact: No one, no place is watching that camera. A "time-lapse" VCR is connected to the camera, and the VCR may be recording other cameras in the same bank in addition to the ATM camera.
Fact: The "time-lapse" VCR is basically a "snap-shot" recorder, and the images are therefore recorded every second or so. If the ATM camera is part of a larger camera system, the ATM camera is only recorded every few seconds (every second or so multiplied by the total number of cameras).
Typical speeds are:
NTSC
- 2h (Beta-2 & VHS-SP)
- 6h (VHS-SIP)
- 12h, 18h, 24h (0.2 sec)
- 48h (0.4 sec)
- 72h (0.6 sec)
- 84h (0.7 sec)
- 96h (0.8 sec)
- 120h (1.0 sec)
- 180h (1.5 sec)
- 240h (2.0 sec)
- 480h (4.0 sec)
PAL
- 3h (VHS-SP)
- 12h, 24h (0.18 sec)
- 48h (0.34 sec)
- 72h (0.5 sec)
- 84h (0.58 sec)
- 96h, 120h (0.82 sec)
- 180h (1.22 sec)
- 240h (1.62 sec)
- 480h (3.22 sec)
Myth: The banks review all the tapes, looking for suspicious activity.
Fact: Very few banks review their tapes, and those that do just review them for system operation (All cameras work? In focus? Date/time correct? Transaction data showing?). They do not watch the tape with any detail, unless they are looking for something.
Once they are looking for something, they search for the date and time of the audit trail on the tape, using the cue/review or Vertical Interval Time Code (VITC) search features of the VCR, ignoring all other activity on the tape.
Myth: The VCR is only activated when I put in my card.
Fact: The VCRs run 24-hours-a-day. Only one percent of them are "activated" by the card (there is too much time taken to get the tape up to speed after such an unloaded position, and if you stay in "still" forever, you trash the tape and heads).
It is also easier for the bank to just put it on a weekly exchange of the tape, then they do not have the possibility of running out of tape unpredictably based on ATM activity.
They usually have 15 to 30 weeks rotation of the tapes because it can take that long for them to find out that there is a problem with the account (three or more billing cycles).
Myth: There is a microphone, recording audio.
Fact: Very few VCRs can record audio. Of those, even less are ever used for audio. Audio recording only works in the 2-hour or some 12-hour/24-hour speeds, on some VCRs. The banks do not use this feature. Some convenience stores however, do record audio to ensure ABC compliance.
Some Other Camera Facts
Most cameras now have Charge-Coupled Device (CCD) all electronic imagers. This makes the cost and maintenance go down in comparison to the Vidicon tube cameras, but at a loss of resolution.
Typical resolution for CCD cameras are:
- Black & White 2/3" imager: 512 x 492 pixels, 380 horz. lines
- Black & White 1/2" imager: 800 x 500 pixels, 570 horz. lines
- Black & White 1/3" imager: 512 x 492 pixels, 560 horz. lines
- Color 1/2" imager: 512 x 492 pixels, 330 horz. lines
- Color 1/3" imager: 752 x 852 pixels, 480 horz. lines
Some Other VCR Facts
VCRs in use are Beta, SuperBeta, ED-Beta (NEC), VHS and Super VHS (NEC, Sony, JVC, Panasonic, and many re-manufactured consumer decks), and a few 8 mm's thrown in from Sony.
The Beta decks run at an odd fundamental speed (Beta 1.5 hour) and have same-angle heads (you can-not play your consumer Beta). The early VHS decks also had same-angle heads, and could not play your consumer tapes. The newer VHS/S-VHS decks have consumer compatible 2- or 4-head, and can play your two hour VHS tapes, but very few will play your six hour tapes (again because of the odd fundamental speeds). All use L500/T120 tapes. The L750/T160 tapes get eaten by the machines.
Tapes are good for about 10 to 20 passes before they are scored from the drum. The drums are good for 12 to 18 months if good tape (double-coated, not too many passes) is used.
The decks cost the bank between $1800 and $2600. Many are RS-232C remote controlled, for programming/searching the tapes.
Typical resolution for VCRs is:
- Black & White: 350 horz. lines
- Color: 240 horz. lines
They will record color, but resolution and identification is better if you don't waste it on trying to reproduce color. Color cameras cost bucks too. Most cameras installed now are CCD.
Camera Hacks
Walk up to camera with the sun behind you.
The auto-iris lens usually cannot adjust for the bad contrast. Some cameras have image enhancers to fix such contrast problems, but they work only if the white-to-black area is about 3:1 or 3.5:1.
Walk up from the side.
If you cannot see the glass of the lens, it cannot see you. Walk up to the camera with a bright light glaring right into it. The auto-iris will try to shut it out.
Cover the lens with cellophane.
If it looks fuzzy and out of focus to you... This has the added benefit of being unnoticed.
ATM Hacks
Myth: All the data is encrypted.
Fact: Some of the data is encrypted, just a few fields.
Myth: ATMs use dial-up lines.
Fact: ATMs use direct-connect, multi-point, or multi-drop phone connections. Some are connected via satellite links, called VSAT. Some ATMs can be used in a dial-back (ATM calls host) connection, for temporary sites, but not "temporary" sites as "permanent" as the fair, etc.
Myth: You could hack the modem line and make the ATM give you money.
Fact: The reason on the grand scale is protocol (typically SDLC/SNA, BiSync, or Async Poll/Select). These protocols exchange message numbers with each packet, so you would need to "become" the host after learning the sequences "right now," get the ATM to request from the host your withdrawal, emulate the proper encrypted sequence, based on the encrypted request, sequentially in real-time.
There is no way for the host to "tell" the ATM to spit money. The host just grants approval for the request. ("Can I give this customer three $20's and a $10?" "...Sure!") Your next problem would be the audit trail kept in the ATM.
Some Other ATM Facts
If you disconnect the line, the ATM shuts down as if the service key was turned. Depending on the network, when you restore the line, reconnection can be automatic or need to be enabled by the host.
Those that speak of accessing the ATM when it is not communicating with the host are correct, to an extent. It all depends on the network and the software loaded (local approval for bank-owned accounts only, typically).
No, you cannot easily get into the vault of the ATM. I have seen them dragged off of walls with tow trucks (he ended up dragging it for about two blocks), they have been blown up (enough force to pop them also toasts the cash). They have however been cracked just like any other safe.
Typically, they are just attached to the floor, sticking out the hole in the wall.
Cash on hand is less than $70k fully loaded with $20 in a machine that has two bins, but usually they are a mix of two denominations.
The cash bins look like tall ammunition cases, and are also locked, and then locked into the machine (takes two keys even after the vault is opened). The bins have the feed mechanism built in, so when locked, they're sealed from "coat hanger" prying.
If a card is captured, it is not "eaten, munched, or trashed." It is just tossed into a Tupperware bin.
The deposit envelopes are checked only by humans for content; the machine cannot do this. The deposit envelopes are printed with the audit trail as they are accepted into the machine.