|« The Open Data Decalogue||Automated Fare Collection System (AFCS) »|
Interview with the expert. How Checker ATM Security was born
Interview with the expert. How Checker ATM Security was born
Pedro Celis de la Hoz is a physics graduate from the Universidad Autónoma de Madrid (1997). His career began in the company Informática El Corte Inglés and then continued in Uno-e, a bank belonging to Grupo BBVA. He joined GMV in 2001 as Head of the Messaging and Mobility Section. After leading various projects in the mobility area he began to focus on the design and development of software products, including the checker ATM Security product. Since 2007 he has been Product Manager in GMV’s New Developments and Products Unit.
First of all good day to you. Could you give us a brief description of checker ATM Security?
In a nutshell, checker ATM Security is a product that allows financial institutions (mainly banks) to control the software that is being run in their ATM network so that only software known and permitted by the bank concerned is accepted. This is known as a white list (the list of permitted software). Checker makes it impossible for the ATMS to be hijacked by malware that might jeopardize the money or information of the bank and its clients.
You have led checker’s development team from the start, is that right?
Yes I have. I’ve been lucky enough to form part of the checker team since it was merely an idea. I consider it without doubt as the biggest challenge of my professional career, and also the most rewarding. Throughout these years my work has involved pooling, filtering and coordinating the inputs of everyone who has collaborated in the product development and design. It is precisely this varied and plentiful set of collaborations that has been the key to the product’s success.
How did the idea first crop up?
To create a successful product like checker two factors are essential during the genesis: detecting the need and then solving it. First and foremost you need a shrewd eye for users’ concerns and the ability to pinpoint needs not covered by other solutions on the market, even pre-empting future needs that no one else has envisaged yet. Secondly, you need to find the best way of meeting this need and solving the problem in the most efficient and simple way while also ensuring that it is commercially attractive to potential clients.
In the particular case of checker due recognition must be given to the fact that the initial idea, or rather the detection of the need, came from a person outside GMV, Mikel Aguirregabiria. Mikel is not only an excellent person and one of the best professionals I’ve ever met but also one of the people who has built up most experience in ATMs and means of payment in Spain. Together with his ability of putting himself in the client’s shoes, these skills enabled him to pinpoint a clear need for a specific ATM security product to solve the shortfalls detected by clients.
Right from the start Mikel saw clearly that his idea could be brought to fruition only by an innovation-driven company with a proven capacity of developing trustworthy software and a wide-ranging and recognized experience in logical security. GMV combined these three key features and was therefore the ideal candidate for developing Mikel’s brainchild.
How was the ride from the original idea to the final product?
When this idea-opportunity first came to GMV we formed a small working team of two or three people with the sole remit of conducting a feasibility study of the possible product from the economic, commercial and technical viewpoint. To do so we had to estimate the product development effort, the sales price, the marketing methods, the price-market equation, the possible technical problems, etc. This first step was fundamental for laying down the bases of the product and deciding how best to tackle the problem and come up with a viable solution.
This marked the start of the most difficult and also most entertaining task, i.e., designing a solution, analyzing all the aspects of the problem and coming up with an overall solution to all or most of them. Fundamental in this design was the help of a multidisciplinary team making different inputs to build up the final picture of the product.
Lastly, once you’re clear about what you want to do, you have to go head and do it, and do it well. And the truth is that in the case of checker we managed to solve all the technical problems in a simple and elegant way. It is precisely this simplicity that is such an important part of the product’s success, since it is obvious to the clients on first sight of the product.
The result of this hard initial work was the first version of checker ATM security, which, despite the logical evolution afterwards and a couple of tweaks and facelifts, still remains the core of the product today.
How long did this whole process last?
The initial process from the start of development until the first release of checker, in June 2006, lasted 16 months. Since then work has gone on nonstop; the product is still alive and evolving continually, incorporating new functions in every version we bring out. We’ve now clocked up nearly 6 years and have reached version 3.1!
Did you meet many difficulties along the way? Which was the hardest hurdle?
Although the product has several very technically complex components, the biggest difficulties were commercial. The prime difficulty was the worldwide economic situation. As we all well know banks have been hit hard by the downturn since 2007 and they have pulled in their horns, cutting down also on technological investments.
The other commercial snag we had to deal with was the banks’ complacency about the vulnerability of their ATMs and the associated risk. They often didn’t see any need for a logical ATM security product.
Fortunately this second difficulty is now on the wane. Banks are becoming acutely aware of the threats hovering over their ATMs as the first news breaks about attacks on ATM networks.
What was the most enjoyable/satisfying aspect of the process?
Without doubt the keen takeup of the product among our clients. The best endorsement of all your work is to see the clients checking out checker against similar products and then deciding to buy it. We are very proud to say that whenever banks have tested the mettle of our product against the competition, checker has always come out winning.
How was the product’s market launch. Has it now been installed in any client?
As I’ve already pointed out, the first version of the product was snapped up within a few months of its launch by one of the biggest banks in South America. Since then the clients have come thick and fast and we can say with a certain pride that checker ATM security has by now been set up in nearly 80,000 ATMs around the world, especially in Spain, where about 20% of ATMs now have checker fitted, and South America.
Have you worked on more products in the past?
The truth is that for one reason or another, ever since I began working in GMV I’ve almost always been involved in the design of products with greater or lesser success. The first one of them was e-Smovil, an SMS platform for the mass processing of messages, which was purchased in Spain by such important clients as the Spanish railway network RENFE and the Regional Council of Castilla y León, and was used on a couple of high-profile TV shows. These platforms are still up and running today as one of the most widespread communication channels on the strength of their reliability and capacity for dealing with huge volumes of messages.
Are you now working on any new product/project? Can you give us any scoops?
At the moment we are working on several lines that bear no relation whatsoever to ATMs. The one that we believe is likely to be hugely useful is codelogin. This idea is so groundbreaking that we decided to take out a patent from the start, under which Juan Jesús León (Manager of GMV’s New Developments and Products Unit) and I myself are co-inventors.
Codelogin is a product allowing users to identify themselves on any screen-based site or device (television set, computer monitor, tablet, ATM,…) by using their Smartphone (iPhone, Android, Blackberry,…) without needing to enter a PIN or their user name and password or without needing to key in anything at all, simply by capturing a bidi code with the cell phone camera.
Think of the number of times we have to key in our PIN, user name, the password we always forget … with codelogin on the cell phone you simply capture a Bidi code and you're ready to go!
Drop into the following YouTube address for a demo of this product: http://www.youtube.com/watch?v=HFgAulD3au8