News
The more they can do … the more to worry about
ATM security has always been a concern for deployers. But with the shift from OS/2 to Windows, ATMs are requiring more attention. They can do more, but should deployers also be concerned that they're more susceptible to viruses and data security attacks?
December 27, 2005
Modern conveniences almost always have side effects. It's like stand-up comedian George Carlin says: The more stuff you've got, the more you've got to worry about.
Well, ATMs aren't outside the laws of Carlin. While the shift to Windows has enabled ATM channel integration, greater network connectivity and more dynamic advertising campaigns, it also has increased concerns for security breaches.
Steve Risto, director of Dayton, Ohio-based NCR Corp.'s APTRA Software Center of Expertise, said ATM security is a "hot" topic right now.
That's not because Windows security concerns are just coming to the forefront. It's because Windows ATMs are becoming the norm.
"The Windows-based ATMs thing didn't start to hit the mainstream until the last year or so," Risto said, "even though Windows ATMs have been around for the last eight years."
Fears about Windows-based ATMs' vulnerability to viruses haven't just started to make news headlines - software developers and ATM techs have always known that Windows differs greatly from legacy platforms.
|
What is new, however, is that a number of changes have recently taken place simultaneously in the ATM space for a majority of financial institutions and ATM deployers, Risto added.
A whole new ballgame
"This (shift) has taken them out of a space that they've been comfortable with," Risto said. "There are a number of considerations that they need to think about. It's a new ATM space with Windows, and there's a lot to be concerned about."
The push for Triple DES compliance was the catalyst for the Windows shift. Security was the star of that troupe from the beginning. But Risto said deployers, especially FIs, didn't consider security from every angle.
With Windows has come the need to move from dial-up to TCP/IP, for instance. With more dynamic marketing efforts that pull in customer relationship management, as an example, ATM customers need to be touched in real-time. An ATM that takes a long time to upload information and communicate with the customer will likely, well, not be revisited.
But connections like TCP/IP are opening FIs and deployers up to a world of hackers. That's forcing security and information technology departments to be brought into the ATM fold. It's also forcing deployers to reevaluate their ATM networks.
"You might have used file distribution in the past on dial-up on OS/2. Today you're using TCP/IP," which is a whole new ballgame, said Keith Lewis, director of marketing and solutions for Global Software and Services at North Canton, Ohio-based Diebold Inc.
Scott Harroff, chief security architect of Diebold's Global Software and Services organization, said the difference is that with TCP/IP connectivity, the ATM is always on the network. With dial-up, the ATM is connected for about two or three minutes, when the transaction occurs.
But that's not necessarily a bad thing, Harroff added. In fact, that connectivity provides more options, where file distribution is concerned.
File distribution: content and software
File distribution wasn't of much value on legacy platforms, but it's found new stature on Windows, said George Throckmorton,a senior marketing manager for ACI Worldwide Inc.
"From a security standpoint, banks were looking at Windows-based software and comparing it to OS/2 software, which was pretty locked down and stable," Throckmorton said. "Now banks have to worry about Windows patches … and virus protection, like putting MacAfee on the ATM."
Because of the shift to Windows, ATM deployers are using file distribution for marketing content, but they also should use it for software updates.
"File distribution, in the past, was only for marketing efforts," Throckmorton said. "But now it's more of a utility. … File (software) distribution can be used to send patches down to the ATM every time we see an update or something new from Microsoft."
That's why manufacturers are encouraging FIs to have file distribution systems in place.
"File distribution - that's one critical, critical element that we keep talking about," Risto said. "It's one of handful of infrastructures in place that deployers need to take advantage of. You've got security patches from Microsoft, you've got updates to the operating system, and you need to have the infrastructure in place to update the ATM, without having to physically visit the ATM."
"There's a push for a software distribution capability that exists now," Risto added, "more so than in the other paradigm. … Because of new, advanced transactions, there's more going on at ATM, and the versions of the applications are changing more frequently. It all adds up to a much more active management environment - much more active than what they've been doing in the past."
So file distribution is at the top of list, Risto and Lewis agreed.
Even in the pilot phase, as deployers test out their Windows ATMs, Risto said, they should be piloting and testing their content and software distribution infrastructures.
"There are a variety of means they can use, but what we recommend right off the top is that whatever they're using they use enterprise wide," Risto added.
Some deployers, both Risto and Harroff said, opt for third-party software distribution functions that manage other things such as scheduling; and there's no one right option. "They just need to pick one they're comfortable with and use it," Risto said.
But, as Throckmorton stated, "Customers are concerned with file distribution and network security."
Security?
So what about that 24/7 connectivity: Does that constant connection make ATMs more vulnerable?
Harroff said no. ATM manufacturers have worked through most of the security concerns that deployers face.
"There's an assumption that TCP/IP makes ATMs more vulnerable, but a Windows-based ATM can be just as secure as an OS/2 machine," he said. "Some say it's more secure."
Harroff added that as OS/2 nears the end of its life, less research and support is being offered for it. All of the attention is shifting to Windows.
And the ATM is not a PC, Harroff added. The patches it requires differ from what Microsoft puts out for PCs, and most manufacturers are ensuring that ATMs are invisible on the network.
"It's like having a locked door," Harroff said. "On a Diebold ATM those ports aren't open, so there's no way to remotely get in. … The ports are deliberately closed, so even if you deliberately put a virus on the ATM, it wouldn't go anywhere. That gives you more time to deploy the patch. It gives you control."
Included In This Story
Diebold Nixdorf
As a global technology leader and innovative services provider, Diebold Nixdorf delivers the solutions that enable financial institutions to improve efficiencies, protect assets and better serve consumers.
Related Media
SecurityPresented ByDiebold Nixdorf
Subscribe
Get the latest news and resources from ATM Marketplace.
Recent Posts
