There is no such thing as “out-of-the-box” security.
No matter what type of self-service terminal or device you have, I am sure you performed a risk assessment against the current threat landscape to determine what multi-layered security approach implementation best fits the needs of your fleet.
But consider this: How long do those multiple layers continue to protect your devices, especially if left on their own? Terminal security is a 24/7, 365 days/year job, and it requires the proper management tools and resources.
As we all have heard, criminals are getting more sophisticated in their attempts to obtain cash or personal information that could deliver value. If you have a 10-foot wall, they will build an 11-foot ladder; if you build it higher, they will build a bigger ladder. That is why your organization’s self-service environments must be properly and continuously protected.
Take passwords, for example:
Since the invention of personal computers, even the most basic terminals have always required passwords to keep them safe from unauthorized users. Just like a lock, passwords protect against various forms of intrusion. While they may not be able to stop all unauthorized access, passwords are still effective as a first line of defense.
One common mistake we often see is financial institutions that do not change the default password for the ATM computer. As an ATM manufacturer, we set a password for each terminal. However, like all manufacturers in the industry, it is typically a standard default that can be found in our owners’ manuals as well as online. So, right out of the box, if proper governance is not followed, one layer in your terminal’s multi-layer security is at risk.
There are ways to avoid compromised passwords, and they must be avoided, since internal fraud (intentional or accidental) is one of the primary contributors to attacks.
There are both on-premises software solutions and managed services to improve the ATM security of your fleet and operation. Let’s have a look at what you can do with them:
Among other things, access protection safeguards your systems by controlling user actions and access information while allowing controlled access for technicians through innovative password-less authentication. Such solutions eliminate the need to share any Windows user account or administrator password with technicians or operative users. Instead, they may provide instant privileges to technicians with a unique mobile app or with a quick call to the help desk.
You can further improve the security of your self-service channel by adding a BIOS management solution. This enables single or multi-device remote changes of the BIOS password. With such proper password management, the authentication information required to log into the ATM’s BIOS remains secure and trustworthy.
Managing your passwords in a self-service environment can be very time- and resource-consuming. You may decide that password management services are a better-fitting and more cost-efficient option. In either case, properly maintaining passwords on your fleet could be the difference between stopping the next cyberattack targeting your terminals and a major payout for an attacker due to default or insecure passwords. Complex passwords that are frequently changed are a basic requirement for all corporate-issued computing devices across all industries; self-service devices should be no different.
We know the bad guys are out there. We see them everywhere, almost every day. The only way to ensure your data is properly secured is to combat them with proven tools and governance from a trusted partner. Proper password management is a relatively simple solution that can have a huge impact on the overall security of your ATM fleet.
Implementing more secure processes and procedures is an essential step in securing your self-service channel, and Diebold Nixdorf offers both software and services to help you achieve this. However, there are other steps you need to take to ensure your network remains as secure as possible. Would you like to learn more? Get our guide on the 7 shields to protect the self-service channel or continue reading the next blog in the series on cybersecurity.