By allowing convenient, anytime access to cash, ATMs have
definitely become an essential part of our daily lives. However,
along with bringing convenience to our lives, ATMs have given birth
to several new security threats and risks. We’ve all heard
stories about the rising number of ATM thefts. This is indeed
alarming; as a famous robber once said about banks,
“because that’s where the money is.”
Let us look at some of the attacks and the countermeasures used
by the vendors:
Ram raid attacks / Theft of ATM: Breaking the ATM loose from its
foundation and getting away with it using forklifts or SUVs is
apparently not an uncommon event. ATMs weigh between 180 and
1,400 kg, not an impossibly heavy load for equipment used in the
construction industry. To prevent this, banks are taking
precautions like anchoring the ATM securely to the foundation.
Safe cutting / breaking: Breaking open the ATM with a saw, axe
and hammer is another common method. To avoid such incidents,
manufacturers need to use tougher material and thicker ATM walls
to withstand such attempts. Essentially, this involves building
the ATMs as per the specifications of a very secure safe.
Blowing up the ATM with explosives: This could be deterred, if
not prevented, by the use of an “Intelligent Banknote
Neutralization System” (IBNS). IBNS uses a chemical dye to
color banknotes when someone blows up or breaks open the ATM.
Disfigured banknotes can then be easily detected.
Robbing the staff handling cash: Locking the cash cartridges and
using IBNS is a way to prevent such attacks.
Apart from brute force and violent attacks, sophisticated
attacks also pose ATM security risks. One such attack is card
trapping/cash trapping, which involves the use of a glue-like
material. The card, when inserted in the ATM, gets stuck and is
not returned to the customer. After the customer walks away, the
card is removed and used by the criminal. ATM users need to be
vigilant about anything unusual in the card path or the cash
dispenser. Key jamming is a similar kind of attack, which keeps
the transaction live. The key could be jammed by as simple a
means as inserting a matchstick.
Next in the list are various ATM skimming attacks. These use
attachments at the card insertion slot to record the data on the
magnetic stripe and a camera to capture the PIN being entered. A
fake keypad is another method of recording the PIN. Magnetic
stripe recording can be prevented by replacing magnetic stripe
cards with smart cards. The security of these devices needs to be
enhanced to detect the presence of foreign objects near ATMs.
Biometrics like fingerprints and palm vein structure can also be
used to identify the customer.
Installing a fake ATM is another method of attack. In this case,
the fake ATM captures customer details as soon as they are
entered and then displays an out-of-cash message. ATM hardware is
usually a normal PC. However, better security is provided by using
secure crypto-processors in a secure enclosure. Similarly, the
operating system is mostly Windows, requiring all the standard
precautions to be taken to harden the OS against attacks.
Still, many cases have come to light of employees infecting the
ATM software with a virus that enabled them to withdraw money at
will.
ATM networks are much safer, as they use private networks or
VPNs. But even these safe networks may have connections to the
Internet. Otherwise, the Slammer worm could not have shut down
thousands of Bank of America ATMs.
The author is Director, COO and Head of Delivery at MIEL
e-Security. He can be contacted at
awkadam@mielesecurity.com.