checker ATM security How to Combat ATM Fraud. ATM network security
Do you think your ATMs are safe from malware attacks? Do you think the bankcard data illegally swarming around the net is obtained only with physical skimming devices? Do you know just how easy it is to get cash from ATMs without authorization and almost without trace? Do you know why an antivirus may not be any good to you?
Cybercrime is nowadays one of the prime concerns of government security forces and corps. Initiatives like Cyberstorm or Cybereurope show that safeguarding critical infrastructure from organized crime calls for an ever-greater focus on information-systems and network security.
Recent attacks on ATMs of South Korea or the outbreak of data- and cash-robbing skimmer malware in Russia or the Ukraine show that ATM attacks are becoming more and more sophisticated. In some known cases the theft of card data in this way has gone undetected for months or even years.
The natural evolution of ATMs towards open systems and IP networks offers big advantages but it also leaves ATMs vulnerable to the same attacks suffered nowadays by information systems all round the world.
There is no doubt that the assault and hijacking, even if partial, of a financial self-service network can be hugely profitable for organized criminal networks. Hackers who gain access to a financial self-service network can not only obtain valuable data or cash but also threaten the corporate image of the network-running organization.
Some years ago increasingly sophisticated ATM attacks came to light in Latin America and Eastern Europe, then spreading around the world with worrying speed. Sadly, many of these security incidents remain undetected for a long period of time and others are even hushed up. This means that the risks posed by attacks of this type are often underestimated.
Incidents investigated by Ukraine’s National Security Agency showed that the commonest way of carrying out these attacks was by conniving with the employees of the attacked organization. Many of these organizations have therefore reinforced security in their personnel recruitment procedures.
In most countries initial attacks involved the introduction of malware to obtain card data but this software soon evolved towards direct theft of cash. Such is the case of the well-known skimmer software, which marked a watershed in the awareness of attacks of this type.
Until recently whitelisting technology proved sufficient to combat these threats. Soon it had to evolve towards a combination of whitelists and application firewalls, a sophisticated control of devices and data loss prevention (DLP) systems. As the threats evolved, the security products had to evolve in line, and the most sophisticated products now incorporate not only all the above but also ATM disk encryption to prevent, among other things, reverse engineering of ATM applications and the development of new attacks by the organized mafias.
Mindful of the fact that the best response to this problem is to accumulate all these preventive devices in a single product specifically developed for ATM networks and keeping pace with the threats themselves, GMV has spent years developing and fine-tuning the only specific ATM security product on the world market today, checker ATM security.
checker is the first ever product specifically designed to harden the security of ATMs, kiosks and financial self-service systems in general. checker enables security to be managed in a centralized way, providing in a single product cast-iron control over the security of processes, communications and ATM devices, including process-whitelisting, built-in firewall, control of Java applications, control of device access, integrity controls by means of digital signatures, keyboard control, detection of track 2 writing and disk encryption.
checker brings all these capabilities together in a single product that is easily deployed by installing agents in each ATM. These agents are then controlled from a centralized console for managing the security of the entire network.
From the console a simple definition is made of ATM security policies; these are then automatically translated into specific rules applicable to ATM components.
These policies are sent to the ATMs and applied there by the checker agent, a single agent housed in the ATM and interfering in no way with normal operations.
checker also monitors compliance with all these rules, either from the checker console or in an integrated way with any monitoring console that may be available, recording any attempt to violate security policies for subsequent analysis.
Checker has been specifically designed to protect ATM and financial self-service networks. As such it has four prime characteristics that distinguish it from all other products:
- It is light, i.e., it consumes hardly any ATM resources, processing- or storage-capacity. It therefore does not interfere with normal ATM operation.
- It is compact, inasmuch as it is a single agent installed in the ATM to control all-round security. This feature distinguishes it from all other products, which call for installation of various solutions. Even if these are all made by the same manufacturer, cumulative complications are then inevitable.
- It is maintenance friendly; both the agent itself and the security policies can be updated in a very straightforward way from the console.
- Finally, it is dependable. We are well aware of the importance for you of ATM availability. If you have ever experienced problems in the normal functioning of your computer after installing an antivirus, rest assured this will never happen with checker.
checker has been designed to meet the strictest regulations, mitigating security risks in a simple and effective way with minimum impact on ongoing operations.
checker has now been deployed in many banks in the Americas, Europe and Asia. The community of checker users provides continual feedback of new needs that are then systematically phased into the product by GMV. This makes it the worldwide benchmark product for guaranteeing the security of your ATMs and self-service networks: checker ATM security.