Abstract: A computer-implemented method for detecting compromised automated teller machines is provided. The method includes receiving activity data from an ATM, activity data including user input data and machine data, wherein user input data includes instructions input by a user at the ATM during a transaction, and wherein machine data is associated with processes performed by the ATM; storing operating parameter rules in the memory, the operating parameter rules configured to indicate whether the received activity data is within a normal activity range for the ATM; applying the received activity data to the operating parameter rules; generating an activity score for the ATM based on the applying, wherein the activity score is configured to indicate a likelihood that the ATM is compromised; and initiating a response based on the activity score.

Abstract: A computer-implemented method for detecting compromised automated teller machines is provided. The method includes receiving activity data from an ATM, activity data including user input data and machine data, wherein user input data includes instructions input by a user at the ATM during a transaction, and wherein machine data is associated with processes performed by the ATM; storing operating parameter rules in the memory, the operating parameter rules configured to indicate whether the received activity data is within a normal activity range for the ATM; applying the received activity data to the operating parameter rules; generating an activity score for the ATM based on the applying, wherein the activity score is configured to indicate a likelihood that the ATM is compromised; and initiating a response based on the activity score.

Abstract: A computer-implemented method for detecting compromised automated teller machines is provided. The method includes receiving activity data from an ATM, activity data including user input data and machine data, wherein user input data includes instructions input by a user at the ATM during a transaction, and wherein machine data is associated with processes performed by the ATM; storing operating parameter rules in the memory, the operating parameter rules configured to indicate whether the received activity data is within a normal activity range for the ATM; applying the received activity data to the operating parameter rules; generating an activity score for the ATM based on the applying, wherein the activity score is configured to indicate a likelihood that the ATM is compromised; and initiating a response based on the activity score.

Abstract: A computer-implemented method for detecting compromised automated teller machines is provided. The method includes receiving activity data from an ATM, activity data including user input data and machine data, wherein user input data includes instructions input by a user at the ATM during a transaction, and wherein machine data is associated with processes performed by the ATM; storing operating parameter rules in the memory, the operating parameter rules configured to indicate whether the received activity data is within a normal activity range for the ATM; applying the received activity data to the operating parameter rules; generating an activity score for the ATM based on the applying, wherein the activity score is configured to indicate a likelihood that the ATM is compromised; and initiating a response based on the activity score.