Logical attacks (i.e. malware & black box attacks) can impact any ATM architecture across the industry if basic security configurations are not employed. It is critical that all ATM operators remain proactive and vigilant, and support those efforts with multi-layered, logical and physical security strategies.
Edge One and NCR would like to remind all customers of the key, major recommendations for securing your ATM fleet:
- Prevent booting from a removable media (including disabling auto play)
- BIOS editing must be password protected
- Establish an adequate operational password policy for all passwords
- Implement communications encryption (SSL encryption or VPN)
- Establish a firewall
- Remove unused services and applications
- Deploy an effective anti‐virus mechanism
- NCR recommends active whitelisting applications which go beyond traditional antivirus programs – specifically the deployment of Solidcore Suite for APTRA ™
- Establish a policy for secure software upgrades
- Ensure the application runs in a locked down account with minimum privileges required.
- Define different accounts for different user privileges
- Establish a regular patching process for all software installed
It is important to consider the environment, and scale the physical security protecting the ATM accordingly. ATMs in unattended public locations are at highest risk.
The following best practice guidelines for all ATM’s are strongly recommended, but specifically for those in higher risk ATM environments.
- Utilize an alarm that will alert when the Top Box is opened
- NCR Skimming Protection Solution provides this functionality
- TMD Card Protection Plate (CPP) – Defends against deep insert skimmers and shimmers, fraudulent devices that are inserted deep inside the ATM card reader.
- Card Reader Guards (CRG) – The addition of a bar that makes it virtually impossible for the type of applique, or overlay skimmers.
- L3 Dispenser – Dispenser encryption is enabled by default on all SelfServ ATMs, however, the authentication level must be configured to L3.
- NCR also recommends the use of other deterrence methods such as;
- Surveillance monitoring, which will also detect and record suspicious activities around the ATM
- Adequate ambient lighting