Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

how to mitigate against $ theft from ATM machines

Posted on 2016-07-17
5
Medium Priority
?
179 Views
Last Modified: 2016-11-23
http://cnnphilippines.com/business/2016/07/16/hackers-taiwan-atm-theft.html

Besides CCTV camera in place, how else can we mitigate against the above?

Is it due to poor coding standards of the ATM software as understand the thieves
don't need an ATM card to commit the above.  Dont think the thieves use an axe
or drills to break into the ATM to gain access to the $
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 

Author Comment

by:sunhux
ID: 41715684
As ATMs usually use a custom OS, is there such thing as installing anti malwares in
ATM ?
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 320 total points
ID: 41715697
Your only effective choice is to take the machines offline and wait until the authorities have found out what actually happened, and then wait for the machine vendor to plug the "hole" in their software or hardware.

Before the case has been solved everything is pure speculation as no one will know what actually happened.
0
 
LVL 98

Assisted Solution

by:John Hurst
John Hurst earned 240 total points
ID: 41715730
There is nothing you can do about the machines themselves. As noted above you must wait for the machine supplier / owner to fix issues.

I do the following with my Bank Card.

1. I have a decent PIN not easily guessed.
2. I keep track of my card(s) (I have multiple bank cards).
3. I cover the keyboard with my left hand while keying in my PIN with my right hand. Thieves have been able to install small cameras to get your PIN.  Make sure this cannot happen.

With these steps above, you are as safe as can be.
0
 
LVL 64

Accepted Solution

by:
btan earned 1440 total points
ID: 41715810
Actually need some regime check regularly like health report card of those ATM (besides filling them with cash). For example, key checks include
- ATM software to be verified - regular security review report on version update (what is patched)
- ATM firmware to be verified - check against patch against hardware provider (any backdoor or remote access code), tamper proof trigger alert & erasure (able to detect these physical attempt and alert)
- ATM store to be verified - secure at rest and wipe temp storage (filesystem check)
- ATM access control to be verified - physical check on spy reader (skimmer) or wireless attachment to device, check account login trail (http://krebsonsecurity.com/category/all-about-skimmers/)

Good to reference PCI-DSS instead
As organized global crime syndicates target ATMs, the financial industry needs a global ATM
security standard to promote the availability of secure ATMs. The main characteristics of this
standard are:
 Focus on mitigating the effects of skimming and PIN-stealing attacks
 Primarily targeted at products from ATM vendors and deployers
 Provide a complementary framework for device approval (evaluation methodology,
evaluation facilities, and approval management)
https://www.pcisecuritystandards.org/pdfs/PCI_ATM_Security_Guidelines_Info_Supplement.pdf

..and some checklist covering areas such as below though not all are available but priority should be at the the compromise and fraud prevention checks
             ATM Physical Attack Checklist (APA)
               ATM Cash Trapping Checklist (ACT)
               ATM Deposit Fraud Checklist (ADP)
               ATM Dispenser Manipulation Checklist (ADT)
               ATM Card Trapping & Card Theft Checklist (ALT)
               ATM PIN Compromise Checklist (APC)
               ATM Skimming & Systems Compromise Checklist (ASK)
http://www.atmsecurity.com/articles/atm-fraud/tools-atm-fraud-and-atm-security-checklists.html
0
 
LVL 27

Expert Comment

by:tliotta
ID: 41899953
...how else can we mitigate...
Who is "we" in your question?

Is that a question about ATM customers? If so, you can only separate funds into accounts not accessible by ATM.

Or is it about any banks that use those ATMs? If so, ask the ATM vendors.

Up until a decade or so ago, the vast majority of ATMs ran OS/2. (For well beyond the general commercial availability.) But a Windows variant had begun displacing OS/2 because of wider experience (rather than better security, etc., AFAIK.) I've seen no reason to believe that things got better after that. I haven't followed for a number of years, so Linux might have made inroads.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question