Security, as it relates to ATMs, has several dimensions. ATMs also provide a practical demonstration of a number of security systems and concepts operating together and how various security concerns are dealt with.

Early ATM security focused on making the ATMs invulnerable to physical attack; they were effectively safes with dispenser mechanisms. A number of attacks on ATMs resulted, with thieves attempting to steal entire ATMs by ram-raiding.[29] Since late 1990s, criminal groups operating in Japan improved ram-raiding by stealing and using a truck loaded with a heavy construction machinery to effectively demolish or uproot an entire ATM and any housing to steal its cash.

Another attack method is to seal all openings of the ATM with silicone and fill the vault with a combustible gas or to place an explosive inside, attached, or near the ATM. This gas or explosive is ignited and the vault is opened or distorted by the force of the resulting explosion and the criminals can break in.

Modern ATM physical security, per other modern money-handling security, concentrates on denying the use of the money inside the machine to a thief, by means of techniques such as dye markers and smoke canisters.

Transactional secrecy and integrity

The security of ATM transactions relies mostly on the integrity of the secure cryptoprocessor: the ATM often uses commodity components that are not considered to be "trusted systems".

Encryption of personal information, required by law in many jurisdictions, is used to prevent fraud. Sensitive data in ATM transactions are usually encrypted with DES, but transaction processors now usually require the use of Triple DES.

Remote Key Loading techniques may be used to ensure the secrecy of the initialization of the encryption keys in the ATM. Message Authentication Code (MAC) or Partial MAC may also be used to ensure messages have not been tampered with while in transit between the ATM and the financial network.

Customer identity integrity

There have also been a number of incidents of fraud where criminals have attached fake keypads or card readers to existing machines. These have then been used to record customers' PINs and bank card information in order to gain unauthorised access to their accounts. Various ATM manufacturers have put in place countermeasures to protect the equipment they manufacture from these threats.

Alternate methods to verify cardholder identities have been tested and deployed in some countries, such as finger and palm vein patterns,[35] iris, and facial recognition technologies. Cost of integrating and implementing these technologies along with concerns about consumer acceptance have limited their deployment so far.

Device operation integrity

Openings on the customer-side of ATMs are often covered by mechanical shutters to prevent tampering with the mechanisms when they are not in use. Alarm sensors are placed inside the ATM and in ATM servicing areas to alert their operators when doors have been opened by unauthorized personnel.

Rules are usually set by the government or ATM operating body that dictate what happens when integrity systems fail. Depending on the jurisdiction, a bank may or may not be liable when an attempt is made to dispense a customer's money from an ATM and the money either gets outside of the ATM's vault, or was exposed in a non-secure fashion, or they are unable to determine the state of the money after a failed transaction. Bank customers often complain that banks have made it difficult to recover money lost in this way, but this is often complicated by the Bank's own internal policies regarding suspicious activities typical of the criminal element.

Customer security

In some areas, multiple security cameras and security guards are a common feature. The NY State Comptroller's Office has criticized the NY State Department of Banking for not following through on safety inspections of ATMs in high crime areas. http://www.osc.state.ny.us/press/releases/oct07/100407.htm

Critics of ATM operators assert that the issue of customer security appears to have been abandoned by the banking industry; it has been suggested that efforts are now more concentrated on deterrent legislation than on solving the problem of forced withdrawals. At least as far back as July 30, 1986, critics of the industry have called for the adoption of an emergency PIN system for ATMs, where the user is able to send a silent alarm in response to a threat. Legislative efforts to require an emergency PIN system have appeared in Illinois, Kansas and Georgia, but none have succeeded as of yet.

The lack of hard statistics about violent ATM crime makes it difficult to make an objective determination about how much effort should be made regarding detterent methods such as cameras, landscaping, emergency PINs, etc. However, these statistics are, in fact, quite easy to obtain. Normally, the crime statistician will use either the felony code section as an index number or the new National Incident Based Reporting System codes to track crime patterns, (NIBRS). However if the police agency has a master list of ATMs in the community, then all that the analyst needs to do is overlay that list of addresses against robberies, attempted robberies, abductions, home invasions, carjackings, rapes and murders and all incidents connected to an ATM address will be pulled up by the computer.