ATM machines cry out for security

ATM machines may be a new target for hackers. A report by the managed security firm, Network Box, outlined several threats to these commonplace banking tools. They include IP worms, disruption of the IP network, denial of service and the harvesting of transaction data for malicious purposes. The report said that banks and financial institutions are not securely protecting customers' data. The reason may be because the technology is too old.

An estimated 70 percent of current ATMs are based on PC/Intel hardware and commodity operating systems using standard IP networking. Many financial institutions have opted for cheaper systems rather than the best security. And that means that credit/ATM card numbers, transaction amounts and account balances could be easily captured by hackers.

"Most people simply assume that because an ATM is invariably provided by a bank, the transactions and the data being transmitted must be secure," said Mark Webb-Johnson, chief technology officer at Network Box. But that might be assuming way too much. Network Box recommends that all traffic to and from ATM machines should be encrypted, not just the PIN number. ATM networks should also be separated from the rest of the bank's network, thereby allowing them to be closely monitored and controlled. If your ATM machine isn't secure, what is?

For more on ATM vulnerabilities:
- See this VNunet article