Express
Coordinated ATM Fraud Detection
Identifies the same UI progression across multiple machines with different credentials — the core fraud pattern explicitly claimed in the patent.
A centralized intelligence platform monitors ATM networks in real time — detecting coordinated fraud through behavioral pattern analysis and computer vision, then auto-deploying countermeasures before attackers can withdraw.
Each ATM processes its own transactions in isolation. A sophisticated actor can move across multiple machines in the same area — using different credentials at each — and no single ATM can detect the pattern forming across the network.
A centralized computing platform ingests live transaction data and camera images from every ATM in the network. When it detects a coordinated fraud pattern — the same UI progression across multiple machines, with different credentials at each — it automatically triggers countermeasures at the targeted ATM.
The countermeasure is precise and deliberate: the system displays a false withdrawal amount to delay the attacker, dispenses a different amount, and notifies law enforcement — all within the transaction window, before the attacker realizes what's happening.
ATMs and their cameras stream real-time data — transaction records and live images — to a central platform that maintains a network-wide view of all active sessions simultaneously.
When the platform's analysis engine detects a fraud signal, it dispatches countermeasure commands directly to the target ATM — bypassing any local decision-making that could be slower or exploited.
The platform watches for a precise combination: the same user interface progression appearing at multiple ATMs within a geographic cluster, where at least two machines were accessed with different credentials. No single signal is sufficient — all three must align.
Click Simulate Attack to see how the platform identifies the pattern across the network.
The platform receives camera images from each ATM in the network. When the behavioral pattern triggers an alert, computer vision techniques confirm that the same individual is present at multiple machines — even when captured from different vantage points or angles.
Multi-camera setups around a single ATM provide additional confirmation frames, making spoofing significantly harder.
Once fraud is confirmed, the platform sends a command sequence to the target ATM that buys time without alerting the attacker — creating a window for law enforcement to respond before the withdrawal completes.
Click each step to walk through the countermeasure protocol.
Beyond behavioral patterns, the platform can verify identity through biometric comparison against stored user profiles — including audio from the ATM microphone compared against a legitimate account holder's speech.
These additional layers catch attacks where credentials were legitimately obtained — for example, through phishing — but the physical user doesn't match the profile.
Camera image compared to stored photo profile for the account holder. Mismatch triggers fraud flag independent of behavioral pattern.
Speech captured from ATM microphone compared against stored voice profile. Works even when the attacker has valid credentials.
Secondary cameras capture the same ATM interaction from different vantage points, eliminating spoofing via photos or video replays.
The platform's combination of behavioral analysis, computer vision, and real-time command dispatch opens a range of applications across physical banking infrastructure.
Within a year of grant, this patent was cited by AT&T's research division in a filing focused on detecting suspicious online behavior — a direct extension of the network-wide behavioral monitoring concepts introduced here.