The Definite Guide To Change Machine And Vending Machine Scams

Cash and vending machines are prone to security breaches and outdated cash machines are especially vulnerable. If you’re the owner of a cash or vending machine you must acknowledge the most common security concerns to update or replace your machine. If your machine is located in an isolated area and left unmonitored, it could be drained of the merchandise or cash inside it.

Depending on the security level of the machine, it might not require security upgrades. This is valid for newer machines built during the last 10 years – they are far more secure than older machines. Older cash machines can be broken into due to failures in the security mechanism that register coins, codes or notes.

Different Brands of Cash and Vending Machines

Different Brands of Cash and Vending Machines
  • Coin-operated machines
  • Paper cash machines
  • Credit card/debit card machines
  • Contactless NFC machines (the newest kind, that work with Apps)

In Hollywood movies, vending machines are made to seem as if a hacker can enter a “code” and the machine spits out dollars like an ATM. These are actually not-so-secret codes left by manufacturers as a production flaw.

Certain machines were mass-produced for the market and the manufacturer employed test codes to test the functionality across the board. Those same codes are used by scammers to drain the machine of change and/or get free drinks.

If you operate a machine by a popular brand such as Coca Cola, Pepsi, Nesquik or similar, your machine can easily be violated using a simple access code that the manufacturer left by accident. Vending machines are not broken into by professional criminals but usually children or college students who learn about security breaches on keypad machines.

CIA operatives made the news once they actually hacked into their local agency vending machines and stole over $3000 worth of snacks. The CIA spies weren’t jailed or punished for the feat and they were actually celebrated at the agency, as they successfully “hacked” a vending machine and achieved what we all dreamed of as kids: to get endless free snacks.

The CIA operatives were let free. However, what happens if you run a cash machine and your machine is drained by a scammer? You must test out your own machine by trying to break into it yourself. If the machine is secure despite the methods listed below, you can leave it without supervision.

Pro Tip: Hack into your own machine to test your security. There is no single “code” to break into every machine. Your security will have to be adjusted based on the type of machine it is. If the machine is old (over 10+ years old), it is venerable to all popular hacks listed below.

Unfortunately, it’s hard to secure an old vending machine and the only working solution is to hire guards/security cameras or replace it with a newer machine. If you operate a coin change or paper change machine, you must place it in a very public and open space where your employees can monitor the machine. If the machine is left unattended, it can be drained by a single hacker in the span of an hour.

If the machine operates on credit/debit cards or new NFC app-powered technologies, is virtually unbreakable and will require little/no security attention. Newer machines can be left unattended without supervision and require little security attention.

Newer Security Breaches

Newer Security Breaches

Newer machines have exceptional security due to superior digitalized scanning of notes and coins. If you purchased a digital machine manufactured in the last 10 years you have little to worry about as digitized machines are safe (even if left unguarded). The unsafe machines are “older” machines, i.e. cash/vending machines that are over 10-20 years old. Those machines are deemed unsafe investments and prone to easy decade-old hacks. Replace yours now or test it for the common flaws listed below.

The same “hacks” that were popular 10 years ago are still operational on keypad machines today: classic manufacturer codes, coin pull-back methods, etc. If you didn’t upgrade your machine, it could be “hacked” by people seeking out this type of machine.

The most vulnerable locations are ones where there is no immediate guarding or security: car washes, parking lots, back alleys, gas stations or any convenience location that might require a client to pull out change at a discreet location. If you’re the owner of a change machine, consider upgrading to a newer machine to update your security to the latest standards.

Change Machine Hacks

Change Machine Hacks

Hack #1: The “Coin Pull Out” Hack

The “coin pull out” hack is the oldest trick in the book – unfortunately it still works on older machines. Older machines (both change machines and vending machines) are prone to this hack. Once the dollar bill is partially inside, the machine immediately “registers” that as a dollar amount and displays it on the screen.

The problem is that people realized they can pull back the dollar bill post-registry, and the machine still registers it as cash input. Once registered, they can get free drinks/items or directly ask for change which the machine will spit out. A single person can drain a machine in under an hour if they are left unattended.

The original version of this “hack” was to tie a coin to a string, put the coin inside the machine and then use the string the pull the coin out. Once the machine registered the coin, they hacker would take the coin out and drain the machine for change. They would repeat the process until the machine was completely drained of change. The same principle translated to paper notes – this time they withhold the note at half length until it’s registered.

Machines that take 10, 20 and 50 dollar bills are the most vulnerable because their reserves are usually on the level of an ATM. Once a scammer identifies that they can put in a 50 dollar note and the machine “registers” the note as a 50 dollar input, they can take the machine for the largest sums until its drained.

In many cases the notes scammers use are not even real, but they use an identical fake paper which they purchase on the cheap. They tie the fake notes onto a ribbon and release it into the mouth of the cash machine. Once it’s half-inside (or fully inside), the machine registers that as a legitimate note which gives way for the scammer to claim change.

This scam is very harmful to cash machine owners because the scammers don’t stop at once pull-out, but they prepare to drain the whole machine in repeat maneuvers.

Hack #2: The Change Release Code

Vending machines for popular sodas, coffee and treats that are over 10 years old can be hacked for change using select pattern code entry. The machines automatically release 4 quarters which is the equivalent of $1 once this combination is entered: The top button is pressed 4 consecutive times, then the bottom button is pressed 3 consecutive times.

This triggers the machine to spit out a $1 amount – it was used as a testing mechanism by manufacturers, but frequently abused by scammers. Test your machine to ensure this combination doesn’t return a dollar amount. The 4-3 press hack is one of the oldest hacks because most popular vending machine manufacturers used the same codes to test the change functionality of the machines, but forgot to remove the code past the assembly line.

Hack #3: The Free Drinks Codes

These old “hacks” only work on older popular machines that have old keypad styles. The codes work mostly on conventional Coca Cola, Pepsi and Nesquik machines that are widespread throughout the United States, and they’re the most common vending machines.

If you own a popular vending machine more than 10 years old, try to test out the codes below and check whether your machine will spit out change. The scammer only has to enter a code, press the change button and wait for the coins to rain! The most vulnerable are Classic Coke machines, and a simple code can bypass the cash registry system of the machine.

  • Coca Cola machine: If you own a Coca Cola Machine, be aware there is a flaw left by the manufacturer which was used for testing purposes and currently activates on all standard Coke machines: The code is 432112311. Once the code is entered, the scammer can press on the change lever and the machine immediately starts raining quarters. If left unattended, this can drain the machine of change. Test the code on your own machine to ensure you’re secure.
  • Nesquik Machines: The Nesquik code works on virtually all old keypad Nesquik models – it’s 137137137, i.e 3 consecutive “137”s. Another popular code for Nesquik machines is 44455544455, which spits out the fourth and fifth drink. If you notice your fourth and fifth drinks missing disproportionally, scammers have taken advantage of this loophole. Nesquik hacks only spit out free drinks and this is fortunate compared to Coke machines that only spit out coins.
  • Pepsi machines: Despite having the largest buttons and having a “safe” appearance compared to standard vending machines, Pepsi machines are also quite popular and on older models there is a code that spits out free drinks upon input. The Pepsi machine code is 42313214321, and this code works on all old Pepsi keypad machines. Contact your local Pepsi vending machine retailer to install a new keypad or remove the combination if you’re the owner of an older machine.
Share it
Notify of

1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments