Automated teller machines (AMTs), have been around for
almost 50 years and we can count millions of them being used 24 hours in day
per 7 days of a week. ATMs represent an unexposed box packed with cash money, that
criminals (hackers, fraud, robberies and security breaches) have been keen on for since at their first publish. But
attacks on these cash machines (today stealing personal data of costumers is
more attractive than stealing only money) have been increasing significantly.
How can they be stopped doing this? It is very difficult to give one single
simple answer but all we can say is: We should focus on their security tools.
The ATM Network Security is very critical because this baking machine contains money (in cash) and requires very sensitive handling transmission of information. For this reason, we can find them distributed everywhere, in financial network, in network administration and other different areas of financial. ATM Security is the field of study that provides solutions at multiple points of protection against physical and electronic theft from ATMs and at the same time protecting their installations. Some types of attacks include physical attacks, skimming, mitigation and ATM malware. As for security specialist they are doing the best helping the costumers to get more out of the ATMs prevention and security systems. These security techniques start from surveillance cameras integrated in the body of the ATMs to anti-skimming defend to silent indicate systems.
This paper is an Analytical Research. In this paper
which is at least 5 pages, I have used facts or information already available
on internet, and analyzed them to make an analytic evaluation of the founded material.
I am using a deductive approach, which means that I am going to study the
theory of famous authors and the security analysis articles
or books that they have written. I have studied past records and other
information sources, to ?nd tout what ATM Security is and how to provide it.
Introduction to what an ATM
An automated teller machine (ATM) is an electronic
banking device, which allows clients to finish their basic transactions without
the support of a branch representative or bank teller. This machine permit customers of financial institutions to perform financial transactions. These kinds of transaction such as cash withdrawals,
deposits, transfer funds, or obtaining account information, can happen at any
time and without the need for direct interaction with bank staff.
The very first ATM opened
in New York City in 1939, but only on the last of 20 years its taken over and
it has a lot of names: automated teller, banking machine or simply a money
machine cash point. Like the bank human teller it replaces the ATM, identifies
you, knows your limits and provides access to financial transaction. It’s also
pretty much impregnable. Let’s see how it works: ATM face several challenges,
first make sure you and your card are legit, second, find your account
information, third accurately complete the transaction you want and finally do
it all while protecting an onboard vault that stores thousands. With more than
1.5 million of ATMs around the world, most of us simply takes their access to
cash for granted.
ATMs Deposits and their
Criminal acts against ATMs and their
customers have always been a top concern for institutions. Additional
surveillance cameras, electronic locks and other physical controls have been
added at many institutions to make the ATM a secure place for banking
ATM now are working beneath a system which is far more complex. The performance
of transaction looks to be high protected because the machines are implemented
with security measures. Although that the grab and go method of attack is being
decline, there are so many sophisticated ways of scamming. Hacking the
operation system of these ATMs to have access on the encrypted costumer’s data
by hackers or threaten with weapons, are only too examples that show perfectly
that criminals are always a step before costumers.
Experts say that the answer is: “An
ATM’s safety depends on where it is”. If it is at a bank, an ATM is somewhat
safer than being in a public place, such as a ballpark, a train station or a
mall. “You should never use ATM machines at convenience stores if you can
help it because those are much more susceptible to tampering,” added
Avivah Litan, a security analyst with the Gartner research firm.
In fact, a large percent of your bank deposits go
out (draw in) with no errors. However, we must not take their security for
granted and always should be prepared for the consequences. If you are going to
make a large deposit,
the ATM must not take in your consideration as a first choice. From time to
time there will be errors — you might have the chance not to experience them
during your bank experience, and most problems will be resolved easily by your
bank, but remember that you’re dealing with an iron machine that may make
If we do a short search on Internet, we can easily find
quite of horrifying stories about a huge number of deposits that went wrong:
money disappears as they come from the slot, no actual records of the deposit, etc.
Remember, in case that you consider your deposits as a big deal, for your own
safe, go inside the bank and operate with a teller. There are two basic things
to consider about:
same locations are popularly known as dangerous place for an ATM
security tips: we should all know same tips before using an ATM, to
prevent so the possible danger
If there ever happens a problem, you report it and
an investigation starts. It can take at least several days (or several weeks)
and during this time, here is what occurs:
The ATM operator should inspect the transaction,
Review any security system,
Internal workings of the machine (including here
the jammed bills), and in the end report back to your bank.
In many cases, the ATM operator is located away
from the organization or the bank – is important also here to add that even if
the ATM is located in a bank branch, the bank employees in general are not
allowed to open up the machine.
Some of ATMs threats:
Security of ATMs
ATMs security area has a lot of dimensions and we
are conscious about this. They provide a practical demonstration of a number of security
systems and concepts operating together and how various security concerns are
addressed. Here is a list of them:
Transactional secrecy and integrity
Customer identity integrity
Device operation integrity
Sabotage of camera
The main focus a security since the first release
of the ATMs was to make the terminals untouchable against physical attack; so
they managed to create a safe container mechanisms which are impossible to be
open unless thieves decide to use some extra forces such as gas explosive. To
do this they must to stole the hole body of the machine. Modern ATM
physical security, has the main focus on denying the usage of the money founded
inside the machine from the thieves. But how this is possible? It can be a great solution if different types
of Intelligent Banknote Neutralization Systems are used. Also, another method
to keep money safe from physical thieves is to keep a secret schedule for the
time and the staff that fills the machines with cash.
The robbers use
blowtorches, crowbars and trucks but they don’t stand a chance against this
machine. Built from 100 kilograms of steel able to stand 22 tons of blunt force
the vault can survive assault more than long enough for police to arrive and
even they get into the machine the money is useless because the exploded boxes
have died, ruining the cash as soon as the vault seals are broken. There is
also onboard GPS to track those who try drive them away.
secrecy and integrity
Having a secured crypto processor is what makes the
ATM transactions to rely their security, but also the ATMs in many cases use
general components that sometimes cannot be considered as a “trusted
data information, as provided by law, must be encrypted to prevent in this way
money frauds. Usually the type of encryption used for these kind of data
is DES, but nowadays Triple DES is more required from the ATMs processors.
There are two techniques we use to ensure the integrity of messages which are
generated while a transaction is happening and also to keep safe and secret the
initialization of encryption and its keys. The first technique is called Message
Authentication Code (MAC) or Partial MAC and the second one name is Remote Key
Man-in-the-middle attacks, has always been a concern
for security in every computer field. As it belongs to ATMs, these attacks have
caused a large number of frauds. Using this method criminals place fake keypads
or card readers to the machines and archive to take personal data such as PINs
or other information providing their selves unauthorized access. Finger prints,
iris and facial recognition, are only some of the new methods developed by
technology used to verify the real owner of the credit cards. This technology
is now implemented on a major number of ATMs detecting successfully at 99% the
cases of skimming.
We left without mentioning here a real
high-potential threat: the hackers. After completing the machine with
mechanicals shutters (preventing tamper), after placing insidious alarm sensors
(for unauthorized personnel to fill the machine with cash money) now ATMs have
firewalls. At the moment that firewall detect a malicious tentative open the
machine in remote, it immediately locks down the machine and the hackers cannot
If you are asking yourself, what happens when the system
of integrity fails? First, we should know that in these case, the moneys are
classified as a failed transaction or exposed non-securely. As the jurisdiction dictate, a bank may or
may not be responsible when an attempt is made to give a customer’s money from
an ATM. Customers complain that it is quite impossible or difficult to recover the
lost money lost, although this gets complicated because of the bank policies
regarding to suspicious activities of the criminal element.
Costumer security must be the main focus of bank
industry and of their safety politics.
So most of the bank consultants suggest to concentrate on preventing
measures rather than on forced withdrawals.
Some implemented security features on ATMs:
an emergency PIN system
silent alarm in response to a threat
an emergency telephone number
displaying on-screen safety warnings
convex mirrors above the display allowing the
user to see what is happening behind them
A short “case
study” which tells us how a cooperation that provide banking hard/software and
services view, manage and implements ATMs security tools.
Costumers love ATMs because is safest and most
convenient way of getting cash out but it needs constant protection from
logical and physical attacks, from outside and inside, but the question is how?
It is quite simple, WINCOR NIXDDORF has the right solution to deal with every
danger with PC/E terminal security.
protection protects your ATM from viruses, trojans and worms so that it is
not put out of action. Perhaps someone is also trying to connect a USB device
to the ATM or to change the software, intrusion protection will also protect
against this. The software will recognizes not only known dangers but also
unknown threats. It is also up-to-date without having to install any updates or
restart. Another product from PC/E is access protection. Software manipulation
and the misuse of data melt away to become a thing of the past and in case
anyone tries to at the hard disk in your ATM this is protected from hard disk
encryption. This ensures that he hard disk will only work when it is inside the
ATM and is connected to all of its recognized devices such as the shutter, EPP
or card reader.
But there is more to ATM protection from WINCOR
Correlation Engine. Let’s suppose Henri is a safety for a major bank. At
night he sits in front of the security monitors and can see everything that is
going on. Henry… Henry’s concertation sometimes lapses a little but he must be
able to prevent any money losses. Here is the solution for him: Fraud
Correlation Engine from WINCO NIXDDORF. The Fraud Correlation Engine is an
intelligent control system which for example uses sensors to inform you when a
branch is approached when a card is inserted into the card reader or when gas
is introduced to the ATM. The software evaluates all of this data and warns the
safety worker, in this case Henry, if there are any unusual combination. For
example, is someone enters the branch at night but for a long time no
transaction takes place at the ATM, Henry is thrilled. HE has found an alarm.
Along with PC/E terminal security, all ATMs now have the very best protection.