Open A Service Order 800-423-3343 (EDGE)

Compliance Archives - Financial Equipment for Retail & Financial Institutions | Edge One LLC

Compliance

ATM Jackpotting – What You Need to Know

by

ATM jackpotting isn’t new. Back in 2010, a security researcher named Barnaby Jack took to the stage at a Black Hat security conference to demonstrate this ATM exploitation, making two ATMs dispense fake paper currency. It would be 8 years later when the first ATM jackpotting attack would occur in the United States. Now, this form of ATM attack is on the rise. So, what exactly is jackpotting and what can you do to protect your ATM investment?

What is ATM Jackpotting?

With ATM Jackpotting, thieves typically target stand-alone or retail ATMs in locations that help them avoid a bank’s security. They will often dress as a service technician and access the ATM using force or keys that are purchased easily on the internet. Once they have gained access, the criminal can connect to the ATM and install malware that enables theft of the cash reserves. They will often have an accomplice that will visit the ATM once they have left to collect the cash.

Laptop Keyboard with Hacked Key - Protect your ATM from jackpotting with Edge One

How do I protect my ATM from jackpotting?

While cyber criminals continue to look for vulnerabilities, there are several things that an ATM owner can do to help mitigate their risk. These low-cost, simple practices can help avoid being left vulnerable to cyber jackpotting attacks.

Security camera - Secure your ATM

ATM Placement

These thieves are on the lookout for ATMs that allow them to get in and gain access without detection. Unfortunately, many retail establishments will leave their ATM in a dark area in the back of the store or restaurant. It is important to place your ATM in a well-lit area that is easily monitored by staff and security cameras. Be sure to place security cameras with angles that provide a clear view of both the back and the front of the machine.

Software Updates

ATM manufacturers release regular software updates and related modifications that ensure ATMs stay ahead of potential risks and emerging threats. Old, outdated ATM software leaves your machine open to a variety of issues, jackpotting included. It is important that you install software updates as soon as possible after release.

Know your technicians

Familiarize yourself with the company responsible for the maintenance, replenishment and updating of your ATMs. Get to know their vehicles, uniforms, and your assigned technicians. Do not be afraid to ask for identification. Your ATM management company should be forthcoming and communicative so that you can stay informed of any changes in schedule or assignments.

Contact Edge One to Protect Your ATM Assets

The Edge One team can provide you with a free risk assessment to determine any vulnerabilities that may be present. Our team of professionals will provide a plan of action to ensure your ATMs are up to date, safe, and secure. For more information, Contact the team at Edge One at 800-423-3343(EDGE).

Upcoming PCI / EPP Compliance Mandates

by

In 2019, PCI (Payment Card Industry) announced new revisions for PCI PIN security requirements. PCI’s function is to set standards that ensure secure handling of customer PINs and data. PCI planned for a phased implementation of updates to provide a more secure method of transferring encryption keys from an ATM’s host processor to the ATM. Circumstances, such as Covid-19, resulted in an update to the compliance deadline dates. The dates below reflect these changes.

PCI PIN Security Requirement Dates:

  • December 31, 2022: Replace ATMs or upgrade EPP for ATMs with PCI PTS v1 or older
    (v1 EPPs are Less secure technology)
  • January 01, 2025: EPP hardware, firmware and software uses TR31 Phase 3 “Key Blocks”

Are your ATMs compliant?

In order to ensure the integrity of your ATMs, the current hardware and software needs an update. Failure to do so leaves your ATMs vulnerable. These vulnerabilities include risk of fraud, security attacks, data compromises and loss of revenue. As an ATM owner, the ATM networks consider you liable for any fraud or data breach involving your ATM. You could assess penalties or have any non-compliant ATMs shut down.

Additional Information:

PCI Bulletin

HYOSUNG ATM Security PCI Compliance Update

VISA PIN Security Bulletin

What actions should you take to ensure your ATMs are ready?

Prior to January 1, 2025, all ATMs will require, at a minimum, a software update. In addition, you may be required to replace your electronic PIN pad (EPP) or your ATM entirely. If you own or operate an ATM, do not leave this to chance. Contact the team at Edge One at 800-423-3343(EDGE). We will help audit your ATM fleet to ensure you are updated and compliant.

,