ATM Security Risk

Monday 15 December 2003 13:44 CET | News

An increasing number of US automated teller machines (ATM) are migrating from legacy technology systems to Microsoft Windows environments. With this shift comes the potential for greater functionality and performance, as well as a significant risk previously unknown to ATM networks - attack from a broad range of computer viruses.

In August 2003, two US banks experienced the first case of a Windows-based virus ever to infect an ATM. Although a single ATM vendor took the brunt of the negative press, any Windows-based ATM on the affected networks may have been impacted, or was at least susceptible to the same infection. New research from TowerGroup looks at the growth of this new threat, and explores how the clean room environment used by the semiconductor industry to eliminate contaminants may hold valuable lessons for the financial service industry. Highlights of the research include:

- Viruses, worms, exploits and other malicious software have grown beyond the threat to home users and corporate e-mail systems. They now threaten the very networks that process our financial information and transactions, like ATMs.
- While the Windows platform is not inherently less secure than competitive products, it is open to a larger number of users and - most significantly - more open to users who mean to inflict damage through the creation of viruses and other types of attacks.
- Banks have spent millions of dollars implementing network firewalls to prevent unauthorized access from hackers dialing in from home. Yet they place ATMs on street corners and bypass firewalls by connecting those machines directly to the network. ATMs have always been viewed as trusted resources, so most ATM networks are exempt from security policies - a dangerous mindset that must change with the times.
- Like the semiconductor industry, financial institutions may have to resort to creating software clean room environments to protect the purity of the systems they operate - not just for ATMs, but for every business system that could be affected by a virus or other contamination. The software equivalent of a clean room would offer increasing levels of security that ring the development and deployment of critical systems.

This would be a major shift from today's security protocols, which tend to deal solely with generic threats with little or no differentiation in policy and process between the corporate network and the networks that operate the bank's business.
