Software Security

Prevent booting from a removable media (including disabling auto play)

BIOS editing must be password protected

Establish an adequate operational password policy for all passwords

Implement communications encryption (SSL encryption or VPN)

Establish a firewall

Remove unused services and applications

Deploy an effective anti‐virus mechanism

NCR recommends active whitelisting applications which go beyond traditional antivirus programs

Establish a policy for secure software upgrades

Ensure the application runs in a locked down account with minimum privileges required

Define different accounts for different user privileges

Establish a regular patching process for all software installed

Physical Security

It is important to consider the environment, and scale the physical security protecting the ATM accordingly. ATMs in unattended public locations are at highest risk.

The following best practice guidelines for all ATM’s are strongly recommended, but specifically for those in higher risk ATM environments.

Utilize an alarm that will alert when the Top Box is opened

NCR Skimming Protection Solution provides this functionality

Card Reader Guards (CRG) – The addition of a bar that makes it virtually impossible for the type of applique, or overlay skimmers

L3 Dispenser – Dispenser encryption is enabled by default on all SelfServ ATMs, however, the authentication level must be configured to L3

NCR also recommends the use of other deterrence methods such as; Surveillance monitoring, which will also detect and record suspicious activities around the ATM

Adequate ambient lighting