CONTINUE TO SITE »
or wait 15 seconds

News

ATM Industry Addresses Security Compliance Issues

November 19, 2004

NC firm helps banks meet ATM network security compliance standards

CHARLOTTE, North Carolina -- Consumers take ATMs for granted, expecting the machines to magically hand over cash and a receipt within seconds of inserting our card into the ATM card reader and entering our Personal Identification Number (PIN.) But in an era when more and more financial transactions are taking place electronically over the Internet, and most security concerns seem pointed in that direction, the ATM industry isn�t taking operations and security precautions for granted either and has, in fact, begun implementing new standards developed by the American National Standards Institute (ANSI) in 1998.

ATM security depends on keeping each person�s PIN a secret. To do this, the industry relies on encryption. Before the ATM sends a PIN to a bank for authorization, it is encrypted or "locked" using a numeric key known only by the ATM and the cardholder�s bank. If this key becomes compromised, the PIN can be decoded, making unauthorized cash withdrawals possible.

To ensure these encrypted keys remain secret, ATM networks require compliance to rules based on the ANSI key management standards. Strict compliance to these standards greatly reduces the probability that an encryption key will become known, thereby enhancing the security of each person�s PIN and the integrity of the overall network.

The financial technology industry has worked hard to create practical and efficient solutions to meet these new security provisions.

"The standards were developed as a proactive measure for the ATM industry," said Dennis Abraham, who served on the ANSI standards committee that developed these guidelines and is now president of Charlotte-based Trusted Security Solutions, Inc. "As is often the case in policy making, you develop standards in anticipation that private industry will step up to the task and develop the solutions to meet those standards."

Trusted Security Solutions� answer is to offer the A98 ATM Initial Key Establishment System to institutions that manage the cryptographic keys for ATM general key management (ANSI X9.24).

 

 

 

Cryptographic keys are keys that encrypt PINs and PIN encrypting keys. There are "A-keys" - which are initially loaded into the ATM and used to encrypt the PIN-encrypting key, and "B-keys" which typically encrypts the PINs. The A98 system is used to load these "A-keys" in a way that satisfies all network requirements. It works with all ATMs, requires no hardware or programming changes to the ATMs, and avoids the cumbersome requirements normally associated with compliant key management.

Abraham says it is the requirements addressed by the standards section regarding initial ATM keys that are often most problematic for financial institutions and frequently raise issues during a security audit. "This very crucial piece of the security issue can be the most difficult," he said. "That�s why it was important to develop a system that could bypass those kinds of problems."

Bank service personnel communicate with the A98 system via a touch-tone telephone to establish the initial ATM keys. Once established, the initial keys are securely communicated to the host computer that drives the ATMs. All activity and events are securely logged and detailed reports provide concise audit trail information. The A98 system is a turnkey system, including hardware, software, cryptographic card, IVR unit and an ATM host communication module.

Deadlines for ATMs to meet these compliance standards vary and depend on the individual ATM networks. Costs for the A98 Initial Key Establishment System range from $8 to $120 per ATM, depending on requirements needed for installation.

 

About Trusted Security Solutions, Inc.

Abraham & Associates, Inc. of Concord, NC and J.S. Walker and Co., Inc. of Charlotte, NC created Trusted Security Solutions, Inc. in 1999 for the purpose of bringing unique security solutions to the transaction processing industry. Abraham & Associates specializes in consulting services for the financial transaction processing industry with an emphasis on PIN based transactions. J.S. Walker & Company specializes in providing consulting services and the development of custom software applications for financial institutions, insurance companies and related businesses.

Trusted Security has implemented its A98 solution at a number of financial institutions and ATM processors. TSS markets directly and through several established resellers. Additional products are being planned and developed, including a key establishment solution for Point of Sale (POS) devices.

 

Included In This Story

Trusted Security Solutions - A98

Expertise You Can Bank On

Trusted Security's A98 System provides a compliant and efficient solution for establishing unique initial keys in each ATM. A98 uses remote key loading when possible and alternatively uses its patented Comvelope© solution to automate key loading of legacy ATMs.

Request Info
Learn More

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf
Recent Posts
Eurasian Bank selects Diebold Nixdorf's self-service software
First National Bank to open 30 branches
Romanian man arrested for alleged cash trapping ATM scheme
Replacing the ATM: Pros and cons of new vs. remanufactured
Chase partners with The Points Guy for Make-A-Wish sweepstakes


©2025 Networld Media Group, LLC. All rights reserved.
b'S2-NEW'