How safe are our ATMs?

POSTED: 02/11/14 9:57 AM

Automatic Teller Machines, or ATMs, are popular targets for international criminal gangs. It is apparently easy, or at least doable, to fool these machines with forged bank and credit cards. Up to a point of course; the security departments of local banks have managed to catch some of these criminals in the past. Then it is payback time in court.

Now these ATMs are under threat from a development in the software universe. Microsoft will end its support for the Windows XP operating system in April. About time, some might say, because XP is twelve years old – that is ancient in any IT environment. Even so, many computers are still using XP. That would not be such a disaster, if XP were not also the software that supports ATMs. According to a report in Trouw, 95 percent of all ATMs in the world currently rely on Windows XP.

A rather somber, if not alarming, industry estimate says that by April at most 15 percent of all those ATMs will have a new operating system. The remaining 85 percent will rumble on with the by then unsupported Windows XP. How bad is that?

As soon as the manufacturer no longer supports an operating system, security holes surface. Viruses and hackers will have the run of the place and it is no longer possible to guarantee the stability and security of the system. This is especially true for machines that are hooked up to the internet.

Trouw approached two large banks in the Netherlands – ING and ABN-Amro – about the situation. Both are unable to guarantee that in April all ATMs will run on a new – and therefore secure – operating system. A spokeswoman for ING said that the bank does not make any statements about security issues, adding that the bank does not feel the need to make criminals smarter than they already are.

ATMs are hooked up to the internet via a secure internal network. That sounds comforting but still, there is a connection with the outside world. Information about account balances and ATM transactions is instantly available via internet banking. If there is a way out, there should also be a way in. However, the banks remain firm: they do not make any statements about it. While this may be a sensible strategy, it does little to reassure their customers.

Hacking ATMs has been a popular criminal pastime for years, but until now this was predominantly a physical operation. Malware like Ploutus (available in Mexico and English-speaking countries) gives criminals the possibility to take control of ATMs at the software level. Before this is possible, the criminal must have physical access to the ATM. Now the door seems to open to hacking ATMs via the internet. Again, the banks decline to comment on this possibility, even though this must be a reason for concern for thousands of bank clients.

ABN-Amro looks at the bright side and told Trouw that it guarantees a smooth transition to the Windows 7 operating system and that its clients will be able to continue using their ATMs in a secure way. The ATMs themselves will not be replaced. At ING even the choice of the new operating system is privileged information, though this bank also guarantees a smooth and safe transition.

April will show what those guarantees are worth. They seem to be at least more than slightly at odds with the opinion of industry watchers that 85 percent of all ATMs will still run on Windows XP come April. And that means that many ATMs will be vulnerable from that moment on – no matter how much bankers want their customers to believe that everything is secure and taken care of.
