THE “ONION PRINCIPLE” IN ATM SECURITY.

February 7th, 2019 By Dr. Eduardas Vaigauskas, Vice-President, Global Business Development, SPL Group

The security of ATMs becoming more and more complex and as a result, require a more complex approach.
It must be systematic, “coordinated” and multi-layered.
ATM security depends on all sides involved in the ATM manufacturing, installation, running and using process.
The cardholder must be educated on how to use the ATM to avoid possible card skimming!
The special design of the ATM shutter, made by the ATM vendor, could significantly lower the chance of “cash trapping” by criminals.

The special SW installed by the ATM owner could prevent criminals from installing the special malware on ATMs.
The small device along with SW “agent” running on ATM will not allow performing “black box attack” on the ATM when it can be emptied in some minutes even without opening the vault of the machine!

All “actors” participating in ATM security must be involved, including also criminals itself. Criminals must be “educated” they get fewer chances for a successful attack on the ATM if the ATM owner follows the right strategy in ATM security!
This is very important especially avoiding the “brute force” attacks (ram raids, explosions using gas or solid explosions), due to the fact these type of attack can be accompanied with the high “collateral damage” or even loss of human life! “Education “ of criminals will also help to avoid damages they can do to ATMs due to unsuccessful attacks if the right security solution has been implemented on the machine!

The “experience” we have learned from the attacks on the ATM has clearly shown the strategy in ATM security must be multi-layered, protecting ATM from the whole complex of possible risks.

We call it “The Onion Principle”!

If anti-skimming device is installed on the ATM, it will protect the machine against placing the “overlay” skimming device on the facia of ATM. Still, the installed device will not protect the ATM against the “deep insert skimmer” and definitely it will not help in the case if criminals will manage to launch the malware on the ATM!
Even installing an “anti-virus” program on the ATM possible will not help here, due to the fact viruses used on ATMs are “different” from what commercial anti-virus SW is “expecting”.

One will need here the “special” solution, developed specially for ATM protection.
Even if the ATM owner has invested in anti-skimming solution and inappropriate “malware protection”, this doesn’t mean it has avoided all risks related to ATM security!
If criminals get access to the cabling, coming from PC inside ATM to the “cash dispenser”, they will be able to empty the entire ATM using a laptop or just mobile phone!
Last development in the “criminal technology” development has eliminated completely even the necessity to get access to the ATM!
So-called “fake host” technology allows the criminal to empty the ATM just getting access to the network cable, connected to the machine!

Our “Onion Principle”

means the security strategy shall address not one “isolated” risk source, but possibly as many as possible, or as many as the ATM owner can afford.
Till last time the two biggest hurdles in implementing “Onion Principle” in large scale by ATM owners were: the price and the complexity of implementation, partially due to the inability to get all necessary solution from “one hand”.
SPL GROUP has developed simple, a very affordable systematic solution addressing the most “probable “ attacks to ATM for the very affordable price!

We call the solution The “ULTIMATE ATM SECURITY COMBO” or “UASC”!

The UASC is targeted to diminish (or completely eliminate) risks related to:

1. CARD SKIMMING (including stereo and deep insert skimming)
2. JACK-POTTING (HW or SW based)
3. BLACK BOX ATTACK
4. MALWARE BASED JACK-POTING

SPL GROUP currently is offering two UASC “editions”: Gold and Platinum.

GOLD EDITION of ULTIMATE ATM SECURITY SUITE includes:

1. StopSkimmer (Active Jammer Unit, Anti-Skimming Bezel, Ethernet Port) – a state-of-the-art high-tech anti-skimming solution that uses a dual jamming antenna, patented jamming algorithms, special deep-skimming prevention HW, Note: Remote management and monitoring solutions are optional
2. ATM Armor – possibly the only HW/SW solution on the market that protects ATMs from most Black Box and Jack-potting attacks. It even protects against “fake host attacks” – with some host adjustments possibly being necessary
3. Checker (the “Checker Crypto“ module) – the best software to secure your ATM application, libraries, and operating system integrity. Leveraging cryptographic signatures and Hard Disk Encryption.

The GOLD EDITION ULTIMATE ATM SECURITY SUITE covers all known ATM security needs, except for physical attacks, and is immediately available for the incredibly low introductory price of only $899 for up to 100 units (no shipment expenses included).

The PLATINUM EDITION ULTIMATE ATM SECURITY SUITE includes additionally DSS (Detector Skimmer System) – the “active” bezel to StopSkimmer anti-skimming device, that immediately switch the ATM “off line” in the case if the skimming device is installed on ATM card reader.

The complete “Checker” solution is included in Platinum Edition.
The Platinum Edition is available for $1199 (no shipping cost included), for the volume of up to 100 units.