IMGCAP(1)]
Growing incidents in which malicious software, or malware, has been installed in ATMs to steal cardholder information has led some ATM manufacturers to tout their prevention methods, but others contend this is an industry-wide problem, and vendors should cooperate with each other to defeat it.
"All manufacturers are vulnerable to these types of problems, and it is going to take a group effort to stop it," Terrie Ipson, marketing manager at Diebold Inc., tells ATM&DebitNews. "There are discussions going on among all vendors. It's a concern. These types of attacks are not unique to Diebold ATMs."
But rival NCR Corp. says Diebold and NCR employ different approaches in fighting malware, making cooperation difficult.
"NCR works closely with its customers and law enforcement officials on ATM security, but other manufacturers' approach to combating malware differs greatly from NCR," the company said in a statement.
In January, Diebold discovered that thieves installed malicious software in a number of ATMs throughout Russia to capture card information.
"It was a low-tech break-in, but a high -level use of software to capture cardholder data,"says Jim Pettitt, Diebold director of security strategy and planning. Thieves opened the rear of the ATMs to install the malware that changed the machines' internal controls, such as password-management numbers, Pettitt says.
Police arrested an undisclosed number of individuals, but neither Pettitt nor Ipson know the amount of funds withdrawn from the machines. They also did not know the number of machines in which the malware was installed.
Installation of malware is much different from its better-known cousin: card skimming.
With external skimming, criminals place phony devices over an ATM's card-acceptance slot to "skim" card information. Thieves also install miniature cameras near the ATM to record cardholders keying in their PINs. The thieves remove the skimming equipment after a few hours before downloading the information into a computer to make counterfeit cards. Malware is skimming's more sophisticated cousin.
Thieves install the malicious software inside the ATM, where it attacks the Microsoft Windows operating system, which operates many of the world's ATMs, Ipson says. Malware either replaces or modifies the manufacturer's authorized software, intercepting card information, including PINs.
External skimmers and malware, however, serve the same purpose: they steal cardholder information.
Once Diebold discovered thieves had installed malware inside some of its ATMs in Russia, the North Canton, Ohio-based company, issued a worldwide security alert to customers. "This latest offensive against Diebold ATMs is another example of the growing level of sophistication and aggression involving ATM-related crime," Diebold wrote.
NCR took advantage of the news by touting its software, which it says proactively prevents installation of malware. The Dayton, Ohio-based ATM manufacturer has sold more that 50,000 license agreements worldwide of its Aptra software, says Sharon Dickie, NCR vice president of marketing for financial services in Dundee, Scotland.
Aptra is NCR's self-service platform that runs on Windows and contains drivers, tools and programming for basic cash dispensing. To detect malware intrusions, NCR combines its Aptra software with Solidcore Systems Inc.'s software technology, Dickie says.
Solidcore's software prohibits the introduction of an unauthorized code to ATMs, protecting the machines from "inside out" malware attacks, she says. NCR has been selling Aptra software that contains Solidcore for a few years, but the Diebold incident sparked more sales and interest by banks and credit unions in the software, Dickie says, without disclosing any numbers.
"In the past few years, more than 100 banks and credit unions have purchased the software, but in the last year, sales have been growing," Dickie says.
Diebold installs Symantec Enterprise Protection firewall software on all 300,000 of its Opteva ATMs to prevent malware intrusions. ATM
