Insecure ATMs given dual protection

The worldwide banking industry has moved to plug potential security flaws as ATM networks increasingly adopt Microsoft Windows.

The Global ATM Security Alliance (Gasa), a body sponsored by banks and equipment providers, has created an ATM crime database, and has also issued a best practice advice.

In its first initiative, called Operation ATM Security Firewall, Gasa is making its Cognito database of ATM crime available to members. Cognito contains information collected from a network of crime enforcement agencies. Gasa said the information would help users develop effective crime counter-measures.

Gasa also issued The Best Practice Manual for ATM Transactional Security, which is designed to help companies use Windows-based terminals in a secure way.

In the past ATMs have operated on independent OS/2 networks, but the savings afforded by a Microsoft operating system have encouraged the financial services industry to move to Windows, which is a more common target for hackers.

"We want to empower users of Cognito to make informed decisions about preventive technologies, solutions and strategies," said Michael Lee, Gasa chairman.

A more immediate measure is the best practice manual. It details the minimum security measures required for safe operation of Windows-based ATMs.

"Banks pushed for the more cost effective systems but IT security departments are very concerned about the possible threat Windows poses," said Lee. "What this provides is a proactive and regularly updated security guide."

The manual will be distributed to all Gasa members and made available online in a password protected form. But Lee expressed a hope that it will become even more widely used. "We're unknown in Asia and South-America, possibly because of the language barriers. We're certainly hoping to get them involved too," he said.

Last year 13,000 Bank of America ATMs were brought to a halt by the Slammer worm as a direct result of migration to a Windows based system.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.