Blog: Securing the ATM Channel...Approaching and Overcoming the Challenge

Neglecting ATM security is a risk to a financial institution (FI) and to its reputation. According to the recent NielsenIQ International Retail Banking Consumer and Technology Survey of 12,000 people across 11 countries, 10% of consumers experienced an ATM security breach or became aware of one over a period of 12 months. Ninety percent reacted by leaving their bank or reducing their engagement, sharing the experience with family and friends, or filing a complaint. This data shows that far too many FIs operate a self-service network that has security holes, and that the associated risk in terms of brand reputation and financial loss is far too high. However, there are many measures that can be implemented to avoid vulnerabilities and loopholes in security processes, management and monitoring. The key to success to run a highly-secure channel is to secure not only the ATM, but also the entire ecosystem around it.

Safeguard Against Physical Attacks
Attacks can target the entire ATM or individual components. This is why a variety of countermeasures are needed to mitigate risk to the terminal and the assets it contains.

• Activating alarms and sensors with monitoring allows detection of unauthorized attempts to access ATM components.
• Video surveillance captures suspicious activity around the ATM in real time, allowing immediate response to attacks, mitigation of fraud attempts and retroactive evidence to assist authorities in investigations.
• A reinforced ATM chassis with hardened steel panels, cable hole caps and additional locks is very effective at deterring attacks.

Prevent Unauthorized Activity
Hacking, viruses and more insidious technologies are a growing threat to ATM fleets, even if they are less visible than physical security breaches. All data must be protected so that it cannot be intercepted or manipulated.

• Block malware from executing, manipulating and interacting with the ATM’s services and devices through application sandboxing and system integrity monitoring.
• Implement “Need to Know” and “Need to Have” Operating System hardening and user role/privilege management, protecting against fraud perpetrated through unauthorized access to ATMs.
• Protect against access to ATM hard disk with hardware-paired hard disk encryption and boot process protection; defending against data manipulation while the terminal is at rest, and/or hard disk removal.

Secure with Proactive Protection
Ensuring that consumers’ assets (cash and data) are safe, systems are intact and your reputation is secure, requires a concerted effort. You must constantly update and keep a record of current configurations.

• Address all compliance requirements, including end-to-end lifecycle management of local administrator Windows® passwords.
• Simplify the process of maintaining compliance by regularly performing comprehensive audits (PCI DSS, EMV, ISO 27001)
• Streamline the information into one comprehensive, centralized system that provides the most up-to-date inventory of your fleet devices, hardware and software components.

There is no need to incur capital and operational costs to set up, maintain and run a 24/7, secure, PCI-compliant ATM channel. Leveraging a unique, global security knowledge base and scale, Diebold Nixdorf helps financial institutions across the world develop an ironclad strategy built on a flexible, modular, multi-layered approach. As a hardware manufacturer, software developer and service provider, we are expertly positioned to offer a holistic security framework. We detect physical and logical attacks in real time and help defend our customers’ self-service network from jackpotting, malware, host spoofing, denial of service and transaction reversal fraud. They can also benefit from intrusion protection, anti-skimming solutions, encrypted PIN pad serial number tracking and retrieval. Our global security surveillance activities enable us to discover new threats earlier, and implement protections more quickly, constantly futureproofing the safekeeping of your ATM channel and of consumers' card data. Read more about DN AllConnect Security Management Services^SM.