News

Cardtronics reiterates PCI, Triple DES compliance in wake of Citibank ATM breach

July 6, 2008

HOUSTON — Cardtronics Inc. says its ATMs in 7-Eleven stores, branded for Citbank, fully comply with Triple DES and Payment Card Industry security standards.

The announcement comes on the heels of the recent news about the Citibank ATM-server breach, which is estimated to have led to the compromise of thousands of Citbank ATM cards and PINs.

In its statement, Cardtronics says recent press articles that connect Cardtronics to the ATM-server breach are false and misleading, and the Cardtronics' ATMs are not linked to the system attacks currently under criminal prosecution in the United States District Court of New York, N.Y.

"All ATMs owned or operated by Cardtronics have encrypted PIN pads, as well as Triple DES encryption, as required by the various electronic-fund-transfer networks," Cardtronics says. "Additionally, Cardtronics' processing platform complies with the PIN security requirements established by the Payment Card Industry and has successfully completed a PCI PIN-security field review performed by one of the major networks.

Last month, reports surfaced that thieves had hacked into Citibank ATMs at various 7-Eleven stores, stealing PINs that were later used to take millions of dollars from bankholders' accounts .

Cardtronics, which owns the machines, according to SecurityManagement.com, does not directly cite the breach, but states that it "is not involved in this criminal prosecution."