"A fundamental change in the technology and the processes used to drive ATMs and networks today."
This is how NCR Corp. marketing director for ATM software Robert Johnston sums up Kalpana, the company's new thin client ATM solution. The company premiered Kalpana at last week's ATMIA US 2015 Conference and Expo at Caesars Palace, Las Vegas — not in an exhibit space of its own, but in the Cardtronics booth, where the solution was demoed on an NCR CX110 cash dispenser, the same model that Cardtronics is using in its forthcoming rollout of the thin client technology in pilot tests.
"Rollout" is the operative term that differentiates Kalpana from previous permutations of ATM thin client technology, Johnston said in an interview with ATM Marketplace.
"[W]e've seen the deployers over the years come out with some pretty amazing concepts of thin client ATMs and thin client software," he said. "And either it's not true thin client — it's still relying on existing Windows-based hardware — or it's just been kind of vaporware, you know, a nice slide deck art project, but it's never gone any further."
According to Johnston, Kalpana (which is Sanskrit for "imagination") exists on an entirely different plane, as a ready-to-deploy solution — "imagination in action," you might say.
"We've gone through all the testing. We've gone through all the development and we've already got things like security certification to PCI 4.0 — we're the first in the world to do that," Johnston said. "And we're EMV compliant, so all that's already in place ... we're a world away from any of the other thin client concepts that have come to the media recently."
Thin client vs. fat client
Today the average ATM is a "fat client" (aka "thick client") Windows-based system — in effect a robust PC running a software stack, antivirus protection and various other agents. Each of these is fairly complex, with management done by separate systems.
"What happens with Kalpana is all that capability is now in the enterprise server, and the CX110, which is the piece of thin-client hardware that goes with it ... It has a minimal software stack on it," Johnston said. "All it's got is enough to securely run an operating system, which, on this operating model happens to be Android. And really, that's all that's there."
Every transaction and service the consumer sees on the ATM monitor is provided through enterprise, Johnston said. And anything that happens on that thin-client CX110 has to be signed off by the server. So nothing can happen there that's not seen or controlled by the server.
This means that malware-driven jackpotting exploits such as Ploutus, Padpin and Tyupkin — all of which require hard disk access at the machine level — can no longer be carried out by cyberthieves. No hard drive, no hard drive tampering.
"So it removes all of the malware, virus threat and all the rest from the client," Johnston said. "The results are then a much easier management profile because through that server, you can see everything that happens on the ATM.
So you've got immediate telemetry. You can see the cash flowing through the ATM, so you've got real time reconciliation capability, you've got much more comprehensive dispute resolution through the management tools which are on the server."
But ... why Android?
While Android apps have been known to have some security issues in the Google Play world, Johnston said that the open source platform does not have these susceptibilities in Kalpana. NCR's choice of the platform was based on this and a number of other considerations, he said.
The first of these was that Microsoft doesn't offer a thin client option for Windows, which got the long-used ATM OS scratched off the list in short order.
This left NCR with a limited range of OS choices. One of the other "hot favorites" currently getting attention in the ATM world is Linux. However, Johnston said, that platform has "a slightly confused and disjointed distribution strategy."
Also, he said, NCR wouldn't have had the desired degree of control over the current thin client versions.
"Particularly in the security," he said. "We felt that the security was much tighter with Android. And in Android, we have control of the source code as well, so we can execute the updates in there that will traverse through different and future variants of Android. We won't have to build the whole thing every time ... "
Johnston noted that because the system NCR developed is agnostic, the architecture will allow the introduction of other operating systems time in the future without substantial changes on the server side.
Importantly, he said, NCR understood that operators were not going to switch wholesale to Kalpana, but would blend it into the network over time. So the company developed Kalpana to operate alongside an existing network in harmony, with resources shared between the two.
This means that transactions and services created for the Kalpana ATM environment can also be pushed out to the existing Windows-based thick client ATM fleet. And while the two networks won't work in precisely the same way, having this bridge between them enhances network efficiency, Johnston said.
And why thin client?
In addition to its security advantages, the Kalpana platform also delivers substantial cost benefits to the deployer, Johnston said.
"It dramatically takes down the cost of just running the system, and the management tools which are in there again dramatically reduce cost because everything happens quicker, everything happens in real time ... "
NCR worked with a number of customers to validate potential cost savings of running a cash dispense fleet with Kalpana, coming up with a cost reduction range of 27 percent to 40 percent, "which is huge," Johnston said.
"Typically a new feature will come to the market in the industry and it will be a 3 to 5 percent cost reduction ... and so based on the numbers we have, we believe that on a typical cash dispense network, say you had about a hundred cash dispensers, you'd be saving somewhere between around $540,000 and $800,000 a year."
Of course, there would be the upfront cost of putting a server in place, and setting it up to run Kalpana (with assistance from NCR). Nevertheless, Johnston said, the company estimates that the return on investment will be very rapid. What's more, he said, once the server is deployed, adding new ATMs to expand the network is essentially a plug-and-play proposition. Additionally, he said, the thin technology allows a deployer to connect to other channels, such as mobile, Internet and so on.
"So I think they'll be using the network technology in Kalpana to do that as well as deploying ATMs. The TCO advantage and the security advantages on the ATM are so strong that I think we'll see a fairly quick drive to start deploying these as existing cash dispense solutions come to end of life."
Though the initial pilot is with an IAD, Johnston said that NCR's thin client concept is really aimed to serve the entire ATM industry.
"The hardware piece we've got to go with it currently happens to be a cash dispenser. But in time other [devices] will join the range and will apply to all sorts of applications," he said. "And similarly, I think the benefits of this platform — of the enterprise software element and thin client combination — go way beyond just what will be good for Cardtronics in terms of line costs. I think in a bank environment the benefits could become even greater and with the ability to escape some of the legacy technology constraints that banks are challenged with today, and also the security aspects that become available to a bank when they deploy this technology."
photo courtesy john spade | flickr
/ Suzanne’s editorial career has spanned three decades and encompassed all B2B and B2C communications formats. Her award-winning work has appeared in trade and consumer media in the United States and internationally. She is now the editor of ATMmarketplace.com and BlockChainTechNews.com