Working Groups Have Begun Compiling Data On Atm Security Issues

Hilden, Germany – At the Extended Board Meeting of the ATM Security Association in midSeptember, stakeholders of the association’s working groups reported on the current status of their efforts and outlined the next steps to make progress on the objective of improving ATM security at a global level. Association members had set up the working groups earlier this year to focus on the four areas of skimming, cassette security, software security and encryption.

The working group skimming is currently working on a white paper on ATM card compromising techniques and counter-measures. The paper will be released and shared with relevant industry groups upon completion (to be expected well before the end of the year). This working group is committed to developing standards for security technology, using best-practice advice and evaluation methods to prevent card data compromise attacks on ATMs, including methods such as card skimming, card shimming, eavesdropping and card trapping.

The working group cassette security is collecting data on typical risk scenarios for different cassette types by the end of 2015. The goal is to define best-practice methods for countering specific security risks associated with cash cassettes. These counter-measures will be described in white papers and industry best practice checklists following evaluation of the collected data.

The working groups software security and encryption are currently synchronizing and prioritizing a huge variety of topics. The working group software security is focusing on safeguarding ATMs against software attacks such as network sniffing, while the working group encryption is aiming to enhance ATM security through the use of cryptology, for example by reviewing possible improvements for cryptographic key management or secure components including EPPs, card readers and cash dispensers. Details on specific subject areas and initial results to be expected will be announced at a later date.

The overall purpose of the ATM Security Association is to bring ATM manufacturers, suppliers and operators, financial institutions and authorities together to build a secure platform for the analysis of threats, delivery of information and development of relevant industry security standards. Since its inauguration, the ATM Security Association has established a solid foundation for achieving this goal and is now on track to take the next steps.

| Download PDF

About the ATM Security Association for Enhanced Technology

The ATM Security Association for Enhanced Technology is a non-profit association dedicated to improving ATM security. Its aim is to compile information on recognized and potential attack scenarios on ATMs and share that information with specific industry groups to rapidly develop and implement counter-measures at a global level. The main purpose of the ATM Security Association is to create a global network throughout the ATM provider chain enhancing security including all involved parties like Global ATM manufacturers, Suppliers, Financial Institutions, Service Providers and IADs. One of the primary goals of the ATM Security Association is the creation of security standards focused on the deployers’ self-service channel. The focus of the association will be on both hardware and software-related threats, physical and logical attacks. The target is to consider the total environment of the ATM that can have a direct impact on secure usage and operations.