ATM Security, Compliance and Managed Security Services

November 06, 2020 2:30 pm

A League Business Partner Since 2016

The Member Journey – Where End-to-End Security is Table Stakes
Your credit union is likely well aware of the need to provide the best user experience regardless of whether it’s face-to-face, at an ATM or through some other digital interaction. Member-centricity is king and it will pay dividends in today’s credit union environment.

But even the best user experience will not offset the damage if the member’s data is insecure and, consequently, hacked. In every user experience, security must be at the heart of it all, securing the entire journey and maintaining trust with the member. Recent surveys have shown a business will lose a third of its customers following a security breach.

Let’s take a quick glance at a typical member journey at the ATM and how security must be present throughout. 

It Starts with a Safe Space
Securing the member journey begins even prior to using the ATM. Walking or driving up to the ATM in a dimly lit alley or dark corner never brings good feelings or confidence. There are some important considerations when designing a safe space to conduct an ATM transaction, such as: 

  • Create measures limiting access to only member cardholders
  • Install surveillance in and around the ATM; good lighting is key
  • Consider physical protections such as intelligent alarming
  • Implement a secure ATM design and installation, including anchoring bolts
  • Utilize an ATM designed to securely separate its cash slot from the safe


The Transaction 
Once at the ATM, the member initiates the transaction by inserting their card and entering their PIN. How many times do members worry about things like, “Did a hidden skimmer just take my data?” or “Oh no, I didn’t cover my PIN while typing it!” while using your ATM? 

Implementing the highest level of skimming protection available and the latest Payment Card Industry (PCI)-compliant PIN pads and shields is low-hanging fruit for protecting the initial transaction. More modern ATMs with a design that includes elements such as illuminated privacy wings and awareness mirrors are great additions as well.

Data’s Long Journey
Cardholder data is then transmitted through the ATM, and out into the world through routers, switches, and networks. The member’s confidential data travels all the way to the host system and to the FI’s server. The FI and host confirm the identity and the credit union’s core processing validates the transaction, finishing the transaction at the ATM by dispensing the required amount of cash to the member.

Through the whole transaction, which happens in seconds, it’s vital that communication between all critical components within the machine (PIN pad, PC, EMV card reader, cash modules, and alarm card) is encrypted, and that TLS encryption and MACing are implemented for data traveling outside the ATM, so cardholder data can’t be intercepted, stolen or even manipulated.

Security must be a top priority – but with the right partner, tools, and strategy, holistically protecting your consumers’ data is possible. Diebold Nixdorf is an advocate of a strategic, multi-layered approach that serves two functions: one, it provides back-up protection in the case of an attack, and two, it ensures that your fleet is protected no matter what form the attack takes. While every credit union’s needs are different, there are a few basic guidelines that can help ensure your data and systems remain secure.

Evaluate your IT security team’s approach to ATM security.
A traditional IT department at a financial institution (FI) may be tempted to treat the ATM channel as if it’s just a group of oversized PCs. Perhaps up to 80% of the policies and security tactics are comparable, but the other 20% can be a huge problem. The ATM is an unattended terminal running 24/7, often “out in the wild.” Its requirements are dramatically different. For your ATM security, this means that the security guidelines created for your office PCs cannot be applied one-to-one to ATMs. Your ATMs can – and should – be talking to only two or three dedicated systems, and nothing else. There is no need for them to talk to an arbitrary web or file server. An ATM network should be almost entirely locked down and restricted to the crucial connections. Attacks such as jackpotting and skimming can usually be thwarted at an early stage with this type of highly protected network.
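
One way to check the "two or three dedicated systems, and nothing else" rule against what the network actually sees is sketched below. This is an added example, not code from the article or from Diebold Nixdorf; the flow-record format, addresses, ports and system roles are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed allowlist: the only (destination, port, protocol) tuples an ATM may reach.
ALLOWED = {
    ("10.20.0.10", 443, "tcp"): "transaction host (TLS)",
    ("10.20.0.20", 8443, "tcp"): "monitoring / software distribution",
    ("10.20.0.30", 123, "udp"): "time server",
}
ATM_SUBNET = ipaddress.ip_network("10.50.0.0/24")  # assumed ATM network segment

# Constructed flow records, one per line: "src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
10.50.0.11 10.20.0.10 443 tcp
10.50.0.11 10.20.0.30 123 udp
10.50.0.12 10.20.0.10 443 tcp
10.50.0.12 203.0.113.5 80 tcp
10.50.0.13 10.50.0.11 445 tcp
10.20.0.99 10.20.0.10 443 tcp
malformed line
"""

def audit_flows(text):
    """Return {atm_ip: [(dst_ip, dst_port, reason), ...]} for flows outside the allowlist."""
    violations = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not match the assumed format
        src, dst, port, proto = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if src_ip not in ATM_SUBNET:
            continue  # only traffic originating from ATMs is audited
        if (dst, port, proto.lower()) in ALLOWED:
            continue
        # ATM-to-ATM traffic is called out separately: terminals never need to talk to each other.
        reason = "ATM-to-ATM traffic" if dst_ip in ATM_SUBNET else "destination not on allowlist"
        violations[src].append((dst, port, reason))
    return dict(violations)

if __name__ == "__main__":
    for atm, hits in audit_flows(SAMPLE_FLOWS).items():
        for dst, port, reason in hits:
            print(f"{atm} -> {dst}:{port}  {reason}")
```
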

Lock down your ATM. 
In a similar way, the software running on an ATM is well-defined and only has a limited number of predetermined tasks to fulfill. There is the consumer-facing application that also talks to the authorization systems, some operational tools – and that’s it. This means that every other functionality can be blocked, effectively locking down the ATM and reducing the attack surface considerably.

Diebold Nixdorf’s Vynamic Security Suite (VSS) has been developed to meet these specific demands. It is designed to operate in a self-service environment, with integrated tools that ensure the same look and feel, the same interface, the same run time, and blanket protection across an entire network. It also allows for remote distribution of updates such as software patching if you are a Managed Services customer. And because it was developed in-house, FIs can feel confident that the maintenance and updates ensure protection against the latest security threats.

If you want to relieve your teams of the burden of keeping on top of self-service security, you can rely on Diebold Nixdorf’s Managed Security Services. Their end-to-end fleet services meet ever-evolving ATM security requirements and ensure compliance with relevant regulations such as PCI DSS. As security threats become more global and move more quickly, FI networks have to be protected by the most up-to-date security measures available. DN’s Managed Security Services offer valuable multi-layered protection and real-time information that ensure they have the visibility to keep FI networks secure, protected, and available while providing the information to assist with your ATM security audits.

The FI Perspective
The FI must prevent data from being compromised at every step of the journey to ensure a safe round trip. Making sure all software components, from firmware to the application software (including operating systems), are up-to-date with the latest security patches and updates is essential. These will make sure that known vulnerabilities and attack scenarios are addressed. But that’s a reactive policy. Putting a proactive security policy in place, and addressing so-called Zero-Day vulnerabilities, has become a must. Deploying the correct end-point security solution together with the appropriate monitoring solutions, which look not only at the security solutions but also at hardware and terminal behavior and perhaps correlate received events, helps move the needle toward a more comprehensive approach.

Be Prepared
Your members demand a better user experience and they expect a SECURE user experience. As criminal attacks continue to occur and the sophistication of such attacks continues to increase, so should your security posture. You need a globally proven security provider who has the experience, knowledge, and expertise to help you protect and maintain trust in your member’s journey, starting from where it takes place, to the transaction itself, and the entire end-to-end processing. For more information on ATM security and compliance, watch DN’s most recent webinar that reviews existing and upcoming critical industry mandates to ensure the security of your self-service channel.

Powered by DN AllConnect Services℠, Vynamic Software, DN Banking Hardware, and more than 160 years of security experience, DN experts help manage the highly complex world of security networks for FIs around the globe.

Interested in ensuring that your security is air-tight? Contact Diebold Nixdorf today or reach out to Bob Makahilahila for assistance. Let’s take a look at your network and identify vulnerabilities now, before it’s too late.

About Diebold Nixdorf

Diebold Nixdorf, Incorporated (NYSE: DBD) is a world leader in enabling connected commerce. We automate, digitize and transform the way people bank and shop. As a partner to the majority of the world’s top 100 financial institutions and top 25 global retailers, our integrated solutions connect digital and physical channels conveniently, securely, and efficiently for millions of consumers each day. The company has a presence in more than 100 countries with approximately 22,000 employees worldwide. Visit www.DieboldNixdorf.com for more information.