The worldwide banking industry has moved to plug potential security flaws as ATM networks increasingly adopt Microsoft Windows.
The Global ATM Security Alliance (Gasa), a body sponsored by banks and equipment providers, has created an ATM crime database, and has also issued a best practice advice.
In its first initiative, called Operation ATM Security Firewall, Gasa is making its Cognito database of ATM crime available to members. Cognito contains information collected from a network of crime enforcement agencies. Gasa said the information would help users develop effective crime counter-measures.
Gasa also issued The Best Practice Manual for ATM Transactional Security, which is designed to help companies use Windows-based terminals in a secure way.
In the past ATMs have operated on independent OS/2 networks, but the savings afforded by a Microsoft operating system have encouraged the financial services industry to move to Windows, which is a more common target for hackers.
“We want to empower users of Cognito to make informed decisions about preventive technologies, solutions and strategies,” said Michael Lee, Gasa chairman.
A more immediate measure is the best practice manual. It details the minimum security measures required for safe operation of Windows-based ATMs.
“Banks pushed for the more cost effective systems but IT security departments are very concerned about the possible threat Windows poses,” said Lee. “What this provides is a proactive and regularly updated security guide.”
The manual will be distributed to all Gasa members and made available online in a password protected form. But Lee expressed a hope that it will become even more widely used. “We’re unknown in Asia and South-America, possibly because of the language barriers. We’re certainly hoping to get them involved too,” he said.
Last year 13,000 Bank of America ATMs were brought to a halt by the Slammer worm as a direct result of migration to a Windows based system.