ATM Security: Do’s and Don’t

15th February 2019 | By Administrator

What is an Automated Teller Machine?

An automated teller machine (ATM) is an electronic banking channel that allows individuals to complete basic transactions without the assistance of a branch representative or teller. ATMs can be accessed by anyone with a debit card or credit card.

Types of ATMs

There are two basic types of ATMs:

  • Basic ATM units allow customers only to withdraw cash and receive receipts of their account balances.
  • More complex ATMs accept deposits, enable line-of-credit payments and report account information. To access the advanced features of these units, a user has to be an account holder at the bank that runs the ATM.

Moving forward, analysts believe that ATMs will become increasingly popular and they also predict an increase in the number of ATM withdrawals. ATMs of the future are expected to become full-service terminals instead of or in addition to customary bank tellers.

ATM Ownership

ATMs are mostly owned by credit unions and banks. However, businesses and individuals can also lease or buy ATMs, through an ATM franchise or on their own. When ATMs are owned by individuals or small businesses such as gas stations or restaurants, the profit model is centered on charging fees to the machine’s users. Banks also own ATMs with this aim, but in addition, the accessibility of an ATM is a service banks use to attract clients. ATMs are also known to take some of the customer service burden off bank tellers, saving banks money in payroll costs.

ATM Security

With the rise in technological advancements, operations and transactions for banks have become stress free and easy. Banks now offer customers enhanced services such as net banking in addition to their ATM services. With these enhanced services also come unfathomable security risks (a fact well known to customers and banks). In the remaining part of this article, let’s take a look at ATM security from a physical and logical perspective.

Banks are now focusing more on securing their customers’ interests from ATM fraud. Customer awareness also contributes towards guaranteeing ATM security. This is because the most common attack techniques are ATM card skimming, card jamming, card swapping, ATM card theft, physical attack, ATM take away, mugging, shoulder surfing, vandalism, and ATM jackpotting.

To help deal with these different types of ATM attacks, ATM security measures could be of two types: physical security measures and logical security measures.

Physical security measures

Physical ATM security is vital in cases where cipher keys exist in terminals. Without physical security, an attacker can probe for a key or substitute its value. To avoid such exploitation, banks should preserve the integrity of non-secret parameters and the confidentiality of secret parameters. ATM security should thus focus on protecting ATMs from physical attacks. Modern ATM security focuses on denying a thief access to the money inside the machine, by employing techniques like smoke canisters and dye-markers.

Other methods include:

  • Security guards
  • Central monitoring station
  • Perimeter surveillance
  • Access control
  • Intrusion detection
  • Tested and approved ATM enclosures

PCI perspective of physical ATM security

According to PCI PTS, the following factors will have to be considered for ATM security:

  • Application of dual security mechanisms
  • Controlled and monitored physical access
  • Quick incident response mechanism
  • Proper environmental and operational conditions
  • Installation of a physical shielding barrier, meaning that you need a tamper-proof casing for the ATM and also for the PIN pad.

Logical security measures

The network plays a vital role in the working of ATMs: when a customer swipes a card and enters the PIN, the details are sent to the RDBMS for validation. Usually, attackers intercept this information to execute logical frauds. The following logical security measures can help avert such incidents:

  • Firewalls
  • Encryption technologies
  • Fraud detection system
  • Protection of communication
  • Logical access control
  • Effective tracking and monitoring system

PCI perspective for logical ATM security

The following aspects should be considered when you look at logical ATM security from a PCI standpoint:

  • Acquirers, processors and other third-parties that have access to store, transmit and/or process cardholder data must comply with PCI DSS.
  • All must currently comply with the PCI DSS requirement “Do not store magnetic stripe data, PINs or PIN blocks”.
  • Check ATM audit logs to make sure that only the required data are stored.
  • Remember that if your organization or parties sponsored by your organization get compromised, you could be subject to fines under PCI DSS, as well as civil and statutory damages.
  • Maintain inventory of all applications and devices.
  • ATM manufacturers must make sure that their devices comply with PTS and PCI PIN to guarantee ATM security. Furthermore, PA-DSS could also eventually impact all software installed on ATM devices.
  • Track all parties with access to cardholder data (excluding cable and telephone companies).
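
The audit-log check from the list above can be automated. The following is an added example, not code from the original article: it scans journal text for full card numbers (Luhn-valid), Track 2 magnetic stripe data and PIN blocks. The journal layout and the field names (CARD=, TRACK2=, PINBLOCK=, REF=) are assumptions made for the sample.

```python
import re

# Track 2 (ISO/IEC 7813) as read from the stripe: ;PAN=expiry/service/discretionary?
TRACK2_RE = re.compile(r";(\d{13,19})=\d{7,}\?")
# 8-byte PIN block written as 16 hex chars; the PINBLOCK= field name is an assumption.
PINBLOCK_RE = re.compile(r"\bPINBLOCK[=:]\s*[0-9A-Fa-f]{16}\b")
# Candidate PAN: 13-19 digits, optionally grouped with spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum; filters out reference numbers that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan):
    """Report only the last four digits so findings do not re-leak the PAN."""
    return "*" * (len(pan) - 4) + pan[-4:]

def scan_line(line):
    findings = [("track2", mask(m.group(1))) for m in TRACK2_RE.finditer(line)]
    if PINBLOCK_RE.search(line):
        findings.append(("pin_block", "<redacted>"))
    # Remove track data first so its PAN is not counted a second time.
    for m in PAN_RE.finditer(TRACK2_RE.sub("", line)):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("full_pan", mask(digits)))
    return findings

def scan_journal(text):
    """Return (line number, finding type, masked value) for every violation."""
    return [(n, kind, value)
            for n, line in enumerate(text.splitlines(), 1)
            for kind, value in scan_line(line)]

# Constructed sample journal lines (layout and field names are made up).
SAMPLE_JOURNAL = """\
2019-02-15T10:32:07 TXN=000123 WITHDRAWAL CARD=************1111 AMT=100.00 RESP=00
2019-02-15T10:33:41 TXN=000124 WITHDRAWAL CARD=4111111111111111 AMT=60.00 RESP=00
2019-02-15T10:35:02 TXN=000125 DEBUG TRACK2=;4111111111111111=25121010000000000000?
2019-02-15T10:36:18 TXN=000126 BALANCE CARD=************0002 PINBLOCK=0412AC89ABCDEF67
2019-02-15T10:37:55 TXN=000127 REF=1234567890123456 RESP=00
"""

if __name__ == "__main__":
    for finding in scan_journal(SAMPLE_JOURNAL):
        print(finding)
```

The 16-digit REF value on the last sample line fails the Luhn check and is not reported, which is why the checksum is applied before flagging a digit run as a card number.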

On the PCI PIN front, it is essential to implement, maintain and protect the PIN. The main items to note on this front include:

  • Periodic attestation
  • Dual control and split knowledge: prevents identity theft and fraud
  • Use of devices that are:
      • TDES/AES encrypted
      • Tamper Resistant Security Modules (TRSM), to avoid compromise of cryptographic security parameters

Besides all of the ATM security measures discussed above, ATM users should use a machine that is placed in a well-lit public place. According to Federal law, only the last four digits of the cardholder’s account number should be printed on the transaction receipt, so that when a user leaves the receipt behind at the machine location, the account number still remains secure. However, it is still essential to hide the entry of your four-digit personal identification number (PIN) on the keypad. This can be done by positioning your body and hand in such a way that the PIN you enter cannot be recorded by store employees or store cameras. The cardholder’s PIN is not recorded in the journal, but the account number is. Hence, if you protect your PIN, you automatically protect your account.

