All ATM security, all the time
The recent ATM Sec 2 conference, presented by the ATM Industry Association, gave participants a comprehensive overview of ATM security issues.
April 30, 2002
Editor's note: Nick Kirby, editor of Touchpoints, was kind enough to share his coverage of the recent ATM Sec 2 conference with ATMmarketplace. Following is his recounting of Day One of the event. For more on Day Two, click here.
On the ball
The International Suite at Old Trafford football ground – home to the legendary Manchester United – was the venue for the recent ATM Sec 2 conference. Organized by the ATM Industry Association, this event followed on from the success of last year's conference, but adopted a new format and included the first-ever presentation of the ATM Security Awards. (See related story: ATMIA presents global ATM security awards.)
Spread over two days, the conference offered a wealth of information across the entire security spectrum, and gave a clear view of where the ATM industry stands with regard to all security issues.
[Photo: Mike Lee and Nick Kirby]
But before we got down to the real work, the delegates were treated to a guided tour of the football ground. Not only did we see the stadium itself, but we were taken into the players' lounge and the dressing room, as well as walking down the tunnel from which the players emerge at the beginning of the match. It's a rather impressive place! Then it was on to the events of day one.
Proceedings began with a welcome from Mike Lee, executive director, International, ATMIA, who addressed the theme of the conference – Discover End-to-End ATM Security. He said: "We hope that when you leave this event, you'll have a good idea of the A to Z of security, and a clearer idea of how we can defeat the criminals who affect our industry."
The first day's keynote address was given by John Williams, crime prevention manager at HSBC. Looking at physical ATM security, he addressed the importance of balancing competing needs – from business, police, and customer perspectives. And he opened with the admission that "I have not been able to find a 'one size fits all' solution for security and I don't think that such an animal exists."
Indeed, it seems that it is a difficult task to satisfy the diverse security needs of different sectors. Whilst the business has profitability considerations, and the ever-important requirement to build trust in the brand, the customer has to feel safe when transacting at an ATM. Not only are financial institutions at risk from physical attacks on ATMs, and the subsequent cost implications; their customers and service providers are also at risk of attack, and that can impact on the brand.
Imagine, Williams suggested, a person of a certain age being attacked at an HSBC ATM – the story gets into the press and the fact that the attack took place can be overshadowed by the fact that it was HSBC. The way the company is perceived by the public could be damaged.
Williams then ran through the different types of attack – ATM facing, customer facing and service provider facing – before looking at available protection mechanisms. He then addressed the types of criminals who perpetrated the different types of crime. Some time was then spent on how to meet the variety of business and customer needs from an ATM and the question of finding the balance.
However, as we have seen with many business strategies – be it chip cards, mobile technology and the like – when it comes to security, the customer is key. Williams said: "The customer, of course, is the Holy Grail, and the brand's task is to attract as many as possible." And that means the customer has to feel safe.
This introduction to a wide range of security issues was a great start to the conference and was the perfect lead-in to the second presentation.
New concerns
The increase in the off-site ATM market in the UK has been of some concern to the country's police forces, as there is always the potential for a related increase in crime. Alan Townsend, crime prevention coordinator for London's Metropolitan Police Flying Squad, is a recognized authority on ATM crime, and brought his expertise to bear on this matter.
He began by saying: "The retail sector has been a victim of ever-increasing crime, and the ATM is part of that." Then he went on to illustrate that 48 per cent of new ATM installations in the UK are off-site, and whilst crime against banks, building societies and cash-in-transit (CIT) in London has significantly reduced, the off-site machine is increasingly becoming a target.
"This rise (in the number of off-site machines) has caused the Police some concern, owing to the variety of locations. This has led to an increased risk of crime. If we don't tackle it now, then five years down the line it could be a problem," Townsend said.
While the Flying Squad has figures on off-site crime, Townsend was quick to point out that these weren't league tables, "but should raise the awareness of risk to ATM manufacturers and deployers."
And he went on to discuss how the ATM Security Working Group, which was set up last year to address ATM crime, now has 21 members and is growing. The Group, which comprises representatives from law enforcement and the banking and ATM industries, has drafted best practice security guidelines, and helps with the pooling and dissemination of information on ATM crime.
For more information on the ATM Security Working Group, contact Alan Townsend on +44 (0) 20 7230 3729, or by email at info@banknotewatch.com.
Following Alan Townsend was Bill Jackson, chief technical officer at Triton, who went over aspects of physical and electronic security. He looked at ways of fighting attacks on ATMs as well as covering key management architecture and Triple DES (which was a recurring theme at the conference).
He also dealt with customer education, and how important it was to raise awareness of scams such as phony keypads, phony cardreaders and the like. Jackson pointed out: "The customer is the first line of defense and is potentially the weakest point, so the answer is education, education, education."
After lunch, Lachlan Gunn, director, BenAlpin, recommenced proceedings. In his opening statements, ATMIA's Mike Lee had credited Gunn as providing the inspiration for the conference's main theme – end-to-end security – and Gunn led us through what he perceives to be the main principles.
He explored the ATM lifecycle, the potential crime threats, understanding security solutions and balancing risks in order to put together a security strategy. Gunn pointed out: "The more information we can gather about crime the better, including geographical crime trends and actual threats."
The main thrust of this presentation was that a security check list could be drawn up that covered every aspect of security, from assessing the potential site before installation, right through that process, to check-ups once the machine was in place. It is Gunn's hope that some time soon, there will be a best practice check list, endorsed by ATMIA, that could be used as a guideline for ATM security.
Round-up
A new feature at this year's conference was the inclusion of user groups. Delegates were asked to choose from a range of subjects and groups were then formed to discuss each one. I chose to attend the ATM Security Standards and Solutions Group chaired by John Benton, director, Association of Security Consultants.
In the space of 45 minutes, the members of this group managed to cover a lot of ground, some of which was, admittedly, rather technical. On the standards set in the UK for alarms, safes, locks, resistance to attack and the like, Benton pointed out that: "These are not mandatory, do not become law, but are highly respected by insurance companies and police."
This led on to a discussion of whether there should be pan-European or global standards and whether these should be mandatory or not. The general consensus of the group was that there should be a level playing field for standards, but that making them mandatory was not a real likelihood. It was suggested that companies refusing to adopt standards should be penalized by increased, or refused, insurance.
The last piece of work for the day was when the chairmen of the groups came back to present their feedback to the delegates.
Then it was time for the cocktail reception where one lucky winner collected a football signed by Manchester United's stars. This was through a raffle held during the day which managed to raise £203 for the Centre for Accessible Environments, who do considerable work in the area of accessibility for the disabled.
It had been a long day and there had been a lot to take in, but it had proved rewarding and informative. Now there was day two to look forward to…