CONTINUE TO SITE »
or wait 15 seconds

Blog

State-of-the-art testing: the first line of defense against fraudsters

Where there is money, there are fraudsters. Security is a big issue for ATM and kiosk fleet owners and deployers. While manual testing falls short, the best approach is to implement testing solutions that incorporate automation and virtualization.

iStock photo

June 25, 2019

By Steve Gilde, director of global product marketing, Paragon Application Systems

Security remains a significant issue for ATM and kiosk fleet owners and deployers. ATMs have historically been an attractive target for criminals simply because they contain large amounts of cash.

According to a recent study from the European Association for Secure Transactions, physical ATM attacks across Europe rose 27% annually from 2017 to 2018. Sophisticated hackers and cybercrooks are finding ever more creative ways to compromise these devices, both physically and logically. And as self-service kiosks see broader adoption across the globe, they are proving to be vulnerable to another growing threat: creative consumers.

While providing convenient access to cash, information, payments and other services is one of the key benefits of both ATMs and kiosks, it is also one of their biggest security flaws.  

The threat can't be overstated

ATMs and kiosks sit unprotected and vulnerable for hours at a time. These devices are also readily available for purchase on the secondary market, making it easy for crooks to slice up a machine while looking for the best ways to compromise the equipment. To make matters worse, 3D printers can easily replicate component pieces, allowing fraudsters to insert their own skimmers, traps and other electronics. If a 3D printer is beyond their reach, the crooks can simply buy OEM ATM parts in bulk off of the internet.

The hackers and crackers will continue to exploit any and every vulnerability they can find, whether it is in an ATM, a kiosk, a network or anywhere else. Not only do these attacks and thefts cause significant financial harm, they can also put sensitive corporate and consumer information at risk, creating the potential to erode trust in our financial systems. With the immediacy of social media and the power of the Internet, reports of a single negative interaction can often spread like wildfire, quickly tarnishing a brand and impacting shareholder value. 

There are no silver bullets here. The best protection is to have a comprehensive security strategy that covers the entire ATM/kiosk ecosystem, including the site, the machines, the network, the authorization host, the consumer accounts, etc. ATM and kiosk fleet owners must implement locks, lights, cameras, encryption, alarms, transaction monitoring and processing rules and do everything they can to try and keep the crooks at bay. In this case, end-to-end really means just that.

Manual testing falls short

A rigorous approach to testing and device maintenance is a critical component in this overarching strategy, but it often gets overlooked or put on the backburner in favor of other higher priority initiatives. 

Unfortunately, many ATM and kiosk fleet owners still rely on manual testing methods, which are in some cases, supported by technology that is several decades old. This may leave an organization exposed to unnecessary risk. Because of the time and effort involved in manual testing, these organizations typically test only a fraction of the total transaction set and other operational scenarios, e.g. ATM fault processing.

In addition to being slow and expensive, manual testing also introduces the very real possibility of human error into the testing equation. 

The key: automation, virtualization

A better, safer and more cost-effective approach is to implement testing solutions that incorporate automation and virtualization. Automated testing will improve delivery time for new products and services while also increasing efficiency, accuracy and overall test coverage. Virtualization helps organizations expand their capabilities far beyond the limitations of a single test lab, allowing resources from across the globe to have 24x7 access to testing facilities. Test tools built on modern web-based architecture can also be easily integrated with other enterprise applications and systems.

As the ATM industry wrestles with the effort to migrate devices to Windows 10, the need for a comprehensive testing strategy and robust tools becomes abundantly clear. Both will be critically important to completing the migration successfully, on time and with no negative impact on the customer experience. And when the Windows 10 migration is complete, it will be time to start planning for implementing the next generation of ATMs.

While a solid testing and maintenance strategy can’t prevent all potential hacks or threats (check out a few recent ATM attacks on Wired.com, BBC.com and The Irish Times), smart operators recognize that a comprehensive security strategy along with modern approach to testing and robust test tools does provide a solid first line of defense. 

Included In This Story

Paragon Application Systems

Paragon ATM simulation tools provide the features, functions and flexible automation options so that you can run more tests in less time - improving quality, shortening delivery cycles, reducing costs, fostering collaboration, and increasing channel profitability.

Request Info
Learn More

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf
Recent Posts
ATM fees increase for 3rd consecutive year
ATM check deposit fraud on the rise in Honolulu
The Farmers Bank renames branches, converts ATMs to ITMs
Nymeo Federal Credit Union wins recognition as 1 of the best workplaces in Maryland
ParaScript intros verification solution for checks


©2025 Networld Media Group, LLC. All rights reserved.
b'S2-NEW'