How to protect ATMs from hacker attacks and cyber threats?

Vladimir Guskov, ex-Head of Technical Support, SafenSoft
2011, August

Recommendations of ATMIA

Every year the number of ATMs in our country grows, and life without them is no longer easy. For example, in January 2011 Sberbank alone had 27.7 thousand ATMs, 4.8 thousand more than in 2010. However, ATMs have not only brought comfort to our lives but have also become fertile ground for financial fraud.

Today, in contrast to the situation 5-6 years ago, the foremost threats are unrelated to physical risks.

Earlier, the most pressing problems for security services were preventing physical break-ins at ATMs and the installation of fake devices over ATM faceplates, and combating the theft of bank cards and dispensed cash. These problems are easily solved with cameras and the correct choice of ATM location.

Now a threat of another kind has come to the fore.

Transactions involving bank cards are now targeted by Internet hackers and other cyber criminals. Veterans still remember that 10 years ago the ATM software component was, in most cases, OS/2. Perhaps that would have continued had IBM not discontinued support for OS/2 users on 31 December 2006. Currently, ATMs on the network usually run one version or another of Windows XP. According to Trend Micro, Windows will be used in 75% of new ATMs. The process is already under way: every year about 10% of all in-service ATMs are replaced by new models. The average lifetime of an ATM today is up to 10 years, and since mass replacement began 5 years ago, the time is close when the vast majority of ATMs will be running Windows. Admittedly, ATMs run a «stripped-down» OS, and the smaller the set of functionality, the fewer the error-prone areas and the opportunities for attack. However, the Windows architecture is familiar to attackers, which means that an ATM can be exposed to any malicious program written for that operating system.

Such attacks have many negative consequences, from the loss of funds from cardholders' accounts to a blow to the bank's reputation through negative coverage in the media.

Thus, protecting the ATM software component becomes a priority within the overall set of ATM security measures.

Particularly relevant here are the main points of «ATM Software Security Best Practices», which contains recommendations on protecting an ATM or payment terminal from cyber threats.

ATMIA gives tips on how to protect ATMs better.

First of all, one must strive to bring the ATM into compliance with PCI DSS. The Payment Card Industry Data Security Standard (PCI DSS) is a data security standard for the payment card industry developed by the international payment systems Visa and MasterCard.

As for the software installed on ATMs, ATMIA makes the following recommendations:

  1. Follow the security advice given by the vendor. ATM manufacturers carefully test existing security systems, especially on the ATMs they release, since they are responsible for them.
  2. Use only the bare minimum of OS functionality: the more programs there are in the system, the greater the chance that one of them will be harmful. To prevent this, you should maintain the integrity and immutability of the system. A specially written or third-party application can help with this.
  3. Use multiple layers of ATM protection. Configure access to input-output devices. Use a firewall. The firewall can be software or hardware. A software firewall is a more reliable solution than a hardware one, as it is not switched off by disconnecting from the network. A good firewall will create a set of rules that allow the ATM to accept only inbound traffic sent in response to its own requests.
  4. Do not forget that increasing the number of security solutions doesn't mean better quality. First of all, control of the system must be effective.
  5. Use antimalware software (for example, anti-virus) as a supplement. Remember, however, that anti-virus products require constant updates of their databases and need a constant Internet connection. ATM networks are often slow, and an attempt by the anti-virus to reach the network may slow down the ATMs' work.
  6. An alternative to anti-virus is a HIPS (Host Intrusion Prevention System). It does not require updates, keeps the system in a known, working state, and doesn't allow the execution of applications that are not on the trusted list. HIPS-based solutions also protect memory and devices, which prevents «buffer overflow» attacks.
  7. Standards for the use of anti-virus software on ATMs are still being developed. PCI DSS compliance requires installing anti-virus; however, this doesn't guarantee full protection from intrusion.
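The integrity and trusted-list ideas in items 2 and 6, as an added Python illustration that is not taken from ATMIA or from the original article: it records a hash baseline of a known-good directory, reports any drift from it, and makes the allow/deny decision that a trusted list implies. File names and contents are constructed, and a real HIPS enforces this decision at process launch rather than in a script.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(root):
    """Map each file path (relative to root) to its SHA-256 in the known-good state."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline

def audit(root, baseline):
    """Report every difference between the current tree and the baseline."""
    now = build_baseline(root)
    return {"added": sorted(set(now) - set(baseline)),
            "removed": sorted(set(baseline) - set(now)),
            "modified": sorted(p for p in now if p in baseline and now[p] != baseline[p])}

def may_execute(path, trusted_hashes):
    """Allowlist decision: run a binary only if its content hash is trusted."""
    return sha256_file(path) in trusted_hashes

def demo():
    """Constructed sample tree standing in for an ATM software directory."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, body):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        write("atm_app.exe", b"vendor build")
        write("device.dll", b"device layer")
        baseline = build_baseline(root)            # taken while the system is known-good
        trusted = set(baseline.values())
        write("atm_app.exe", b"tampered build")    # simulated unauthorised change
        write("dropper.exe", b"unknown program")   # simulated unlisted binary
        names = sorted(os.listdir(root))
        return audit(root, baseline), {n: may_execute(os.path.join(root, n), trusted) for n in names}

if __name__ == "__main__":
    print(demo())
```

Because the decision is keyed on content hashes rather than file names, the modified `atm_app.exe` is refused even though its name is unchanged, and no signature updates are involved.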

To summarize

To reliably protect an ATM, or another autonomous device used to carry out financial transactions, from cyber attacks, you must observe the following rules:

These help protect ATMs from hackers and fraudsters.

Certainly, these proposals describe only a general approach to the protection requirements of ATMs and payment terminals at the software level.

A new edition of the ATMIA Best Practices is currently being prepared for release and should see the light at the end of 2011. This document contains ATMIA recommendations relating to security policies and industry standards, including an analysis of common threats and risks and detailed recommendations for protection at the ATM level. In the future we will cover this topic in more detail, on the basis of the new edition of the ATMIA best practices.

