Blog: ATM Security: The Value of Hard Disk Encryption Technology

The demand for cash is 24 hours a day, 365 days a year — and, where there is demand, there are ATMs. However, wherever there are ATMs, there is also the threat of crime.

Crime can be in the form of physical attacks, such as blowing up a safe or actually stealing a terminal. Or it can be invisible, bigger threats: stealing sensitive consumer data or injecting malware into the ATM. Should a criminal get access to the information conveyed through a self-service terminal, it could lead to losses. Financial loss, of course, but also loss of trust and confidence from your consumers.

At Diebold Nixdorf, we help you lock down your ATM hard disks so thieves can’t get the access they desire. Our Vynamic™ Security Suite uses hard disk encryption technology (HDE) to ensure that data can not be tampered with, whether it’s “in motion” or “at rest.” Most financial institutions (FIs) manage encrypting payment card data in motion very well, meaning it’s protected during the transmission across the networks, but they often overlook some of the finer details of data at rest on the self-service terminal itself.

The Payment Council Industry Data Security Standard (PCI DSS) defines data at rest as information sitting on a hard drive. And since data is held on a disk at the self-service terminal, this data needs to be encrypted — meaning it can’t be easily obtained or read without authorization, or, for that matter, manipulated in any way.

So how well are you doing with encrypting data at rest … and are you thinking about all the data that is at rest in your self-service device?

Think about these examples:

• When a customer deposits a check, an image is taken. Is this image kept in a raw JPG file format on your terminal’s hard drive? If so, we make sure images (and all other data on the drive partitions) are encrypted, and that after transmission to the image processor, the images are properly deleted, while the check itself is stored in a controlled safe.

• What about card data during the transaction? The PIN on self-service devices is encrypted at the keyboard level through PCI PTS-compliant EPP keyboards. But the data read off the inserted card with the encrypted PIN is held on the disk. We can help ensure that this data is not overlooked, and gets encrypted.

• Or what about this one — it tends to raise some eyebrows. Have you sold any of the ATMs in your fleet? If you did not have an encrypted hard drive, did you follow the best practice of destroying the disk rather than putting it out in the open with a new owner?

• A fraudster attempting to jackpot your terminal needs to copy his malware to your ATM's PC will need access to your terminal's hard drive. We protect against such unauthorized access by ensuring military grade full disk encryption agnostic to the hardware vendor

Keeping sensitive consumer and bank data secure and adhering to PCI security standards does not have to be a challenge. It requires partnering with a company that understands the ins and outs of those standards, and has the tools and expertise to ensure you are fully compliant and up-to-date. Diebold Nixdorf can help — let’s start a conversation today.