Software distribution: Essential, but often ignored in ATM management
Patches, software updates and general diagnostics are musts for any Windows-based ATM network.
December 10, 2009 by Dan Palczynski — Product Manager, Fifth Third Processing Solutions, LLC
Once again last night I turned off my PC, only to receive a message that four new updates were automatically downloading and my PC would shut itself down upon completion. I have no idea what these updates were, although I knew I could go out to the Microsoft Web site and find out.
The point is that this event was conducted automatically and remotely — the essence of software distribution.
Unfortunately, we in the ATM industry haven't fully embraced similar practices when it comes to the enhanced PCs we call ATMs. Why? As the ATM migration from OS/2 to Windows gains momentum, the ambivalence toward the inherent vulnerabilities of an operating system that may require updates to keep it secure becomes magnified.
Survey respondents overwhelmingly reported that few financial institutions feel completely confident that they are fully protected from a security standpoint. Furthermore, an overwhelming number really did not know their internal practices for how often software or content was distributed to their ATM fleet. It's safe to assume that these same operators would answer "no" if asked whether they had an automated means of remotely distributing software to their devices.
Stephen Risto, director of NCR's APTRA software center of expertise, says, "An effective software distribution capability has become more sophisticated and dynamic than ever before. As deployers move forward with new self-service functionality across their ATM networks, a reliable and nimble means to distribute marketing content, software patches and new releases of ATM applications has become essential."
That sentiment is nearly universal among ATM software professionals who have witnessed actual and near compromises of their products.
So why is software patching so important?
Michael Cochrane, senior solutions manager of digital security for Diebold Inc., says there are three primary reasons to patch an ATM system:
- To maintain the system's functionality, performance, security, reliability and availability.
- To improve the system through new enhancements and functionality or to address known vulnerability factors.
- To react to unknown system events, such as security breaches or system contamination.
Organizations have a responsibility to provide customers with reliable and secure processes and transactions, and just one security or virus breach can compromise customer confidence not only for the institution, but also for the industry as a whole.
"Continuous patch management allows a financial institution to fulfill that responsibility in a thoughtful, timely and efficient way," Cochrane says.
The Windows operating system itself also must be monitored.
Pat Telford, principal consultant at Microsoft Consulting Services, says, "All software has bugs. The corollary to this is that any substantial piece of software will have security flaws. If you have a security flaw, there is a risk that it could be exploited by an attacker. One way to reduce this risk is to fix the software flaw (by) using a patch."
In addition to addressing exposure to security risks, Telford also highlights some core virtues of a centralized software distribution program — such as reducing the "cost of functional change" and increasing the "pace of change." He reinforces that "visiting each ATM and making a change is expensive when compared to delivering the change in a well-managed fashion using centralized tools."
Even more important, Telford says, is the effect of software issues on the ATM user experience.
"As a channel, the ATM is a marketing touchpoint, a source of revenue and a driver of customer satisfaction," he said. "Being able to change the ATM software configuration quickly can allow you to deliver fresh, appropriate marketing graphics, make functional changes to address possible dissatisfaction points and potentially reduce downtime."
Diebold's Cochrane says the correct choice of deployment tools depends on the following:
- Number of supported platforms
- Number of systems and locations to be patched
- Expertise of deployment team
- Availability of existing system-management tools
Lastly, the underpinning of software distribution remains compliance.
As long as the ATM stores primary account numbers in logs and journals, the ATM will fall under the scrutiny of regulatory compliance. Ultimately, it's incumbent upon the financial institution to have an answer when it is asked to produce policies and practices for protecting ATMs beyond Triple DES.
Dan Palczynski is the ATM channel product manager for Cincinnati-based Fifth Third Processing Solutions. To submit a comment about this article, please e-mail the editor, Tracy Kitten.