ATM Security Study

In the last few years the typology and numbers of attacks against Automated Teller Machine (ATM) systems have increased. The traditional physical attacks have given way to cyber attacks. ATMs are connected to Internet and to banks network. They often run obsolete operating systems with more or less known associated vulnerabilities. The attack tactics, techniques and procedures could vary from the physical introduction of malwares onto the hard drive, to the point of stealing prepaid card numbers from database.

ATMs deployers are aware that advanced security devices and regulatory compliance are not sufficient to face the "creativity" of criminals. Advanced Persistent Threats are seriously threaten several kind of infrastructures and ATMs systems could be a profitable target.

The future of ATMs should consider how to update the countermeasures to the new attack typologies, above all considering the new services ATMs could deliver. The report "ATM Future Trends 2015", published by ATM marketplace and Auriga, shows U.S. consumers' interest in enlarging the ATMs services. Some examples are: check cashing at the ATM, bill payment, real-time transactions, cardless cash withdrawal using mobile app, virtual currency exchange and so on.

The ATMs market probably will not be negatively impacted by new technologies, on the contrary it could benefit from them.

For all these reasons, GCSEC is coordinating a study group that aims:

to provide an overview of current security situation of ATMs, considering the classic and emerging threats;to consider the evolution of the ATMs systems and services and the security concerns it implies.

The study group coordinated by GCSEC is composed of Braintech, Consorzio Bancomat, Kaspersky, NCR, Security Brokers, Wincor. The study results will be published on the report "ATM: A look at the future and emerging security threats landscape". The target group of the publication are the decision makers and security managers of banks and ATMs deployers. The work is intended to share experts' recommendations in order to aware ATMs stakeholders of security implications behind the services delivered nowadays and in the future.

You can download the study results on "Publication" page of our website.