One CU's Journey To Get Its ATMs Triple-DES Compliant
Credit unions are under pressure to upgrade their ATMs to meet imminent legal and technological developments.
But that compliance can be "costly and cumbersome," according to Calvin Curdt, vice president of Information Systems at Anheuser Busch Employees' CU (ABECU).
Curdt should know. In December, ABECU completed the two-year project of making sure its fleet of 38 ATMs meet Triple DES (data encryption standard) requirements, Curdt said.
The $670-million CU is the first Diebold client to achieve end-to-end Triple DES compliance, according to Diebold, Inc., a leading ATM provider.
"We're all Triple-DES compliant, from keypads to network," Curdt confirmed.
One CU's Investment
ABECU spent about $200,000 bringing its ATMs in 23 branches across 11 states up to Triple DES and Encryption Pin Pads (EPP) standards, said Curdt. The figure also includes technologies to upgrade in-house intercept processing and to convert communication links to Internet Protocol, he said.
"You pretty much have to lay out the money or get out the ATM business," Curdt said, noting that Triple DES compliance is not optional.
Credit unions will spend about $200 million overhauling ATMs to comply with Triple DES, EPP and the Americans with Disabilities Act in the next 18 months, according to the credit union-owned Co-Op Network.
With compliance deadlines approaching as soon as June 2005, Triple DES encryption methods aim to improve the security of the encrypted PIN as it travels through networks.
Credit unions implementing EPPs will have a range of options that comply with Triple DES standards. EPPs attempt to ramp up PIN encryption at the point of entry.
Credit unions are advised to "have a good handle on their existing ATM inventory," so that they know exactly what hardware and software they lack for compliance, said Curdt.
"Be prepared that upgrading is expensive- manage the costs as best you can," he added.
ABECU ATM hardware upgrades cost between $1,000 and $7,000 per machine, depending upon the type of processors, disk drives and key pads needed, Curdt said.
The 72,000-member credit union stepped up as an early adopter of Triple DES technologies in part to avoid the last-minute rush when other financial institutions clamor to secure hardware and installation appointments, Curdt continued.
A Run of Another Kind
"There's going to be a run on parts as other financial institutions get their ATMs compliant," he said. "We're ahead of the game."
The clamor for compliance may be intensified by the complexity of the upgrade process, Curdt said.
Coordinating vendors on each upgrade day at ABECU was challenging, he explained. Before hardware and software are installed, a cash handler with an armored car pulled cash at the ATM. Then, after the ATM vendor installed the upgrades, communications specialists had to be on-hand to reestablish connectivity.
The process didn't end when connectivity was reestablished-the chain of events was completed again in reverse order, as the ATM vendor buttoned up the machine, and the cash handler restocked the coffer.
ABECU upgraded one to two machines per week, said Curdt, and each ATM was usually up and running after one day.
The credit union currently runs Diebold model 1062 and 1064 cash dispensers and uses the Ontario, Calif.-based Co-Op Network as a clearing house for all foreign transactions.
Triple DES functionality is driven by Cape Town, South Africa-based Mosaic Software's Postilion EFT transaction delivery system.
Triple-DES compliance at ABECU has brought about a change in attitude towards ATM upgrades, Curdt said. "In the past, we haven't used a regimented process to keep our ATMs upgraded, like we have with a desktop PC. We want the ATM process to be regimented so that we can lessen the impact of Triple DES upgrades in the future."