The Global ATM Security Alliance (GASA) (www.globalasa.com) has published its international best practices for ATM Cyber Security as the ATM industry enters its cyber era, due to the twin migrations from X25 & frame relay to TCP/IP and from OS/2 to Windows XP.
Whereas GASA’s General Cyber Security Manual, published last month, will help ATM companies with computer and network security at the corporate level, this new ATM-specific cyber security manual will afford windows-based ATMs a greater degree of defence against malware, “hacking” toolkits and utilities, denial of service attacks and other cyber threats.
The manual was authored by the Bank of Western Australia’s IT Technical Compliance Manager, Ian Simpson, after practical tests on the security of windows-based ATMs. Simpson worked with GASA’s Cyber Security Project Team to fine-tune his cutting-edge security guidelines.
“Financial institutions and ATM operators are replacing and upgrading aging Automatic Teller Machine fleets across the globe in order to satisfy regulatory and business imperatives. Consequently, new platforms utilizing mainstream technologies are being introduced, which is dramatically altering the vulnerability landscape associated with this traditionally proprietary system, “ explained Simpson.
“The recommendations presented in this manual are essentially designed to provide a common sense approach to risk mitigation as a result of the rapidly changing threat model that the introduction to the ATM channel of the Windows XP and other common use operating systems, as well as the TCP/IP network protocol suite, has created.”
It is the first time international cyber security guidelines have been published for the ATM industry.
“The ATM Cyber Security Manual should be read in conjunction with its companion manual about general cyber security to ensure a secure transition into the new cyber era. In addition, we have developed a Continuous Cyber Security Process (CCSP) white paper to be proactive in fighting what might be the next wave of ATM crime – namely cyber attacks,” commented Mike Lee, CEO of ATMIA and founding co-ordinator of GASA.
About the Global ATM Security Alliance:
The Global ATM Security Alliance (GASA) was formed by ATMIA (www.atmia.com) in June 2003 to protect the industry from the growing problem of cross-border ATM crime and card fraud. It is made up of law enforcement and fraud prevention agencies, card schemes like Visa and MasterCard, ATM networks, industry associations, manufacturers, Cash in Transit groups and security consultancies, with representation from United Kingdom, USA, Europe, South Africa, South America, Canada, Australia and India. Its main projects include: the creation of a global ATM crime database, a global fraud alert system, best practice manuals for the whole ATM security lifecycle, from cardholder security to cyber security, and a communications programme.
Tags: Security Computers