Jackpotting is a growing global threat with financial and reputational impacts. A new CEN/XFS standard, End to End Cash Authentication, aims to close security gaps and protect ATMs from these types of attacks.
| Andi Coleman Information Security Officer, Bank of America |
Matthias Runowski Director R&D Security, & David Powell Product Management, Diebold Nixdorf |
|
|---|---|---|
| Why should FIs consider using E2E cash authentication? | The cash dispenser’s inability to authenticate dispense requests is a weak link. Even with secure ATM and host channels, attackers can bypass protection with malware or black box devices. | E2E protects cash transactions by authorizing and authenticating them at the host level, reducing reliance on local defenses and improving protection against various attack types. |
| Will E2E be a significant enough benefit to encourage FIs to undertake these changes? | E2E requires updates to ATM apps, dispensers, and hosts. Consistent implementation is key to prevent replay attacks and ease adoption. High-risk FIs will likely adopt it first. | Leading FIs seek efficiency and innovation. The new CEN E2E standard offers security improvements against rising attack types that were not practical before without standardization. |
