Open A Service Order 800-423-3343 (EDGE)

ATM Security Archives - Financial Equipment for Retail & Financial Institutions | Edge One LLC

Upcoming PCI / EPP Compliance Mandates

In 2019, PCI (Payment Card Industry) announced new revisions for PCI PIN security requirements. PCI’s function is to set standards that ensure secure handling of customer PINs and data. PCI planned for a phased implementation of updates to provide a more secure method of transferring encryption keys from an ATM’s host processor to the ATM. Circumstances, such as Covid-19, resulted in an update to the compliance deadline dates. The dates below reflect these changes.

PCI PIN Security Requirement Dates:

  • December 31, 2022: Replace ATMs or upgrade EPP for ATMs with PCI PTS v1 or older
    (v1 EPPs are Less secure technology)
  • January 01, 2025: EPP hardware, firmware and software uses TR31 Phase 3 “Key Blocks”

Are your ATMs compliant?

In order to ensure the integrity of your ATMs, the current hardware and software needs an update. Failure to do so leaves your ATMs vulnerable. These vulnerabilities include risk of fraud, security attacks, data compromises and loss of revenue. As an ATM owner, the ATM networks consider you liable for any fraud or data breach involving your ATM. You could assess penalties or have any non-compliant ATMs shut down.

What actions should you take to ensure your ATMs are ready?

Prior to January 1, 2025, all ATMs will require, at a minimum, a software update. In addition, you may be required to replace your electronic PIN pad (EPP) or your ATM entirely. If you own or operate an ATM, do not leave this to chance. Contact the team at Edge One at 800-423-3343(EDGE). We will help audit your ATM fleet to ensure you are updated and compliant.

,

Cencon Lock Product Update

Alert Icon - Potential Alarm Override at ATMs

Potential Alarm Override at ATMs

Edge One has been made aware of a potential security vulnerability that could exist for customers deploying the DormaKaba Cencon locks, installed on your ATM or ITM, configured with the optional SHUNT feature. If the SHUNT feature is enabled, access to your ATM/ITM safe, generally after hours, would be allowed with the alarm being bypassed when a correct combination and smart key are used on the Cencon lock. Specialized tests have shown, however, that this signal can change state with relatively low-level vibration or impact, which could compromise the intended security of the lock, depending on how the SHUNT function has been configured. Meaning, if your DormaKaba Cencon lock is impacted or tampered with in a certain way there is potential to disarm the alarm without any sort of key or combination.

Due to the serious implications of inaccurate alarm signals reporting, Edge One recommends that customers apply remediation to mitigate against this issue.

This will not impact you if ANY of the following are true:

  • The ATM/ITM does not have a DormaKaba Cencon lock.
  • The ATM/ITM safe is not alarmed.
  • There is no afterhours access to the ATM/ITM.
  • You are using an alarm panel at the ATM/ITM to disable the alarm.

You may be impacted if:

  • The ATM/ITM is alarmed and does not have an alarm panel or box to disable the alarm.
Alert Icon - Potential Alarm Override at ATMs

Edge One Recommendations

Edge One recommends that customers determine if they are impacted by the potential alarm override. If it’s determined that you may be impacted, we recommend reaching out to your alarm and security vendor. They will need to configure the DormaKaba SHUNT feature to use the burglar switch rather than the lock shunt.  Feel free to supply them the attached diagram and instructions.

This recommended remediation will require a site visit to each impacted terminal by your alarm vendor during which they will require access to the safe. Note: DormaKaba, Kaba Mas and Mas Hamilton all refer to the same product.

If you have questions, feel free to contact your Edge One Financial Solutions Specialist.

ATM Security – What You Need to Know

The Word Security on Screen - ATM security

ATMs have long been a prime target for criminals.  ATMs deliver cash, credit and debit bank accounts, and as technology advances, they can serve even more functions than before.  For thieves looking for quick cash, ATM crime can be enticing. This means that financial institutions and retailers are constantly fighting attacks. Edge One wants to ensure you are informed when it comes to the different types of ATM security threats and the weapons available for their defense.

Image of a Chain - Hook and Chain Physical ATM Attacks

Physical ATM Attacks

These attacks involve thieves using brute force to gain access to the ATMs. A few of the more common types of physical attacks are:

  • Hook and Chain
  • Ram-raid / Pull-out
  • Cash Trapping
  • Explosive / Gas Attacks

Freestanding drive-up ATMs are particularly vulnerable to these attacks. We are seeing an increase in frequency in these physical ATM attacks here in the U.S. Luckily, there are options for protecting your ATMs.

Logical ATM Attacks

As ATM technology advances, so do the methods criminals use to gain access to the funds they contain. Logical attacks are instances where criminals use electronic devices or malware to gain access to the ATM.

These attacks can include:

  • Skimming
  • Jackpotting
  • Malware
  • Black box attacks

To protect yourself from logical attacks, it is critical that all ATM operators remain proactive and vigilant.

The Word Security on Screen - ATM security

Plan Your Defensive Strategy

The most effective ATM security strategy for your fleet is a through a comprehensive, multi-layered approach. The team at Edge One can provide you with a vulnerability assessment and develop a plan to mitigate your risks. Contact Us at 800-423-3343(EDGE).

Hook and Chain ATM Attacks – Are You Protected?

Hook and Chain with a blue sky - Hook and Chain ATM Thefts

ATM crime is nothing new. For years thieves have used methods such as tampering, skimming, and robbery. But as ATM security evolves, so do the techniques used by these criminals. We are currently seeing a rise in the frequency of a type of assault on ATMs called “hook and chain” attacks. These physical attacks on the ATMs can be dangerous and costly. It is important that your financial institution plans your defenses accordingly. Edge One can help.

Hook and Chain with a blue sky - Hook and Chain ATM Thefts

Hook and Chain Attacks

Using a vehicle, criminals target ATMs for this brute force attack. These attacks usually happen from late at night to early morning hours. The perpetrator attaches a large chain or cable to the ATM and accelerates. The force allows them to force open ATM safe doors. These attacks take less than 10 minutes. Even if they are not successful in opening the ATM, the resulting damage can be extensive. Freestanding, drive-up island ATMs are particularly vulnerable to these attacks.

Protection For Your ATM

Edge One can offer a solution to help protect your ATM from these attacks. Through a hardware solution from NCR, ATM criminals can be deterred.

Safe Slot Reinforcement Kits

Safe Slot Reinforcement (SSR) Kits have been designed as a counter measure to “hook and chain” attacks. These kits remove all available space around the dispenser and deposit slots while reinforcing the area around them. This makes it more difficult to damage the module transports and subsequently insert a hook through gaps in the safe door.

Each Upgrade Kit has been uniquely designed to fit around each model. Each ATM requires two kits to ensure total protection. The SSR kits are discreet, as they are not visible once the fascia is closed.

Close up of ATM dispensing slot - ATM Security

Protect Your ATM

At Edge One, your ATMs security is our top priority. We are dedicated to providing you with the best security solutions. For more information about our SSR kits, as well as other security offerings, Contact Us at 800-423-3343(EDGE).