CFOtech Australia - Technology news for CFOs & financial decision-makers

AI-driven scams & Windows 11 reshape ATM crime risk

Fri, 16th Jan 2026

Auriga has warned that ATM attacks are shifting towards manipulation of legitimate transactions, with criminals using social engineering and AI-enabled scams alongside physical tampering.

Nestor Santolaya, a Cybersecurity Product Expert at Auriga, said criminals now combine older methods with tactics that target customer behaviour and operational processes around cash machines.

Fraud tactics

Over the past year, attackers have moved beyond card skimming, according to Santolaya’s assessment. He said recent incidents show more attempts to interfere with ATM operation or to persuade customers to authorise fraudulent activity themselves.

He pointed to physical methods that block cash dispensing or trap cards. He also cited smartphone malware that clones payment data. He described identity impersonation as a growing factor in ATM-related crime.

Santolaya also highlighted phishing that targets ATM users. He said attackers increasingly tailor messages and scenarios. He described this as “especially highly targeted AI-enhanced phishing designed to trick customers into completing fraudulent transactions without realising it.”

Supply chain

Santolaya said these threats extend beyond consumers at the machine. He said the same social engineering techniques now target the operational supply chain that services and maintains ATM fleets.

He cited fake maintenance requests and false cash replenishment alerts as examples. He said other social engineering approaches target staff and third-party partners involved in ATM operations.

“This shift reinforces the human factor as the weakest link, affecting not only ATM users but also the entire supply chain, which is now being targeted through fake maintenance requests, false cash-replenishment alerts, and other forms of social engineering,” said Santolaya.

He said 2026 will put greater emphasis on customer awareness and on verification processes for service activity and operational requests. He said criminals will continue to use AI to amplify social engineering techniques.

Systems refresh

Auriga also expects technology change inside the ATM estate to shape the threat landscape. Santolaya said banks increasingly view ageing 32-bit embedded systems as a growing risk. He linked this to the industry’s preparations for the 2038 date-related computing problem, which will affect some older systems.

“Banks have become increasingly aware that 2038 is not far away, and the new ‘Y2K-like’ problem will inevitably affect many ageing 32-bit embedded systems long before the deadline arrives,” said Santolaya.

He described a rise in large-scale migrations to Windows 11 for ATM deployments. He said this operating system is becoming a standard choice for new rollouts and refresh programmes.

Santolaya said a move to Windows 11 changes the security baseline. He said it mitigates some established attack vectors. He also said attackers will adjust and look for weaknesses in new deployments.

“In response, the industry has seen a surge in large-scale migrations to Windows 11, which is rapidly becoming the new standard for ATMs. This shift helps mitigate classic attack vectors, thanks to better security features and improved support, but it will undoubtedly create new vulnerabilities and opportunities for attackers, who will adapt their techniques to exploit weaknesses in these modern deployments,” said Santolaya.

He said defenders will need to harden new ATM fleets quickly and reduce exposure to zero-day attacks. He said criminals will test new approaches as Windows 11-based machines become more common.

Regulatory pressure

Santolaya said regulation now plays a larger role in ATM security work. He said organisations face multiple frameworks and obligations. He said this can slow changes to security tooling and processes.

He said companies face a challenge when they deploy or update cybersecurity solutions. He said they need to move quickly while meeting compliance requirements.

Santolaya said ATM security will increasingly depend on modernised compliance processes. He said operators and technology suppliers will need resilience in their approaches. He also said they must not weaken security levels while they make compliance changes.

He contrasted this environment with the freedom criminals have when they develop tools and tactics. He said attackers face no regulatory constraints. He also said AI tools can shorten development cycles for malware.

“However, unlike defenders, attackers face no regulatory constraints, and with the help of AI they can develop custom ATM malware families tailored to new models and architectures at unprecedented speed, widening the gap and reinforcing the need for a strong, regulation-aligned but highly agile defense strategy,” said Santolaya.

Santolaya said 2026 will bring more emphasis on user awareness, verification steps in service chains, and secure deployment practices for refreshed ATM estates as attackers experiment with new techniques against modernised machines.