News
TLS Enabled ATMs May Still Be Vulnerable to Attack
Friday, July 05, 2019
View Showroom
Recent testing in DPL’s research and development lab has confirmed that some TLS enabled
ATMs in North America may be misconfigured, leaving them vulnerable to man-in-the-middle
attacks. The issue being that many TLS enabled ATMs leave TLS certificate validation disabled,
meaning anyone possessing the right knowledge can intercept and manipulate the data to
jackpot the ATM and/or read card holder data using readily available hardware and software.
“Simply enabling TLS is not enough. TLS certificate validation must be enabled and the correct
certificate needs to be installed on the ATM”, recommends DPL’s CEO Marc Albert. “IADs can
also try requesting message authorization codes (MAC) from payment processors to add an
additional layer of security like they do in Canada but the majority of US payment processors do
not currently support this” states Albert.
Committed to helping IADs and the industry as a whole to strengthen ATM security, DPL has
compiled TLS certificates for all major payment processors into a single file which can be
downloaded from their website. The file can be downloaded and placed on a USB storage
device which can then be used to install the file on ATMs.
DPL is inviting anyone with questions regarding proper TLS configuration or other ATM security
best practices to contact them toll-free at 1-800-561-8880 or by emailing [email protected] .
ATMs in North America may be misconfigured, leaving them vulnerable to man-in-the-middle
attacks. The issue being that many TLS enabled ATMs leave TLS certificate validation disabled,
meaning anyone possessing the right knowledge can intercept and manipulate the data to
jackpot the ATM and/or read card holder data using readily available hardware and software.
“Simply enabling TLS is not enough. TLS certificate validation must be enabled and the correct
certificate needs to be installed on the ATM”, recommends DPL’s CEO Marc Albert. “IADs can
also try requesting message authorization codes (MAC) from payment processors to add an
additional layer of security like they do in Canada but the majority of US payment processors do
not currently support this” states Albert.
Committed to helping IADs and the industry as a whole to strengthen ATM security, DPL has
compiled TLS certificates for all major payment processors into a single file which can be
downloaded from their website. The file can be downloaded and placed on a USB storage
device which can then be used to install the file on ATMs.
DPL is inviting anyone with questions regarding proper TLS configuration or other ATM security
best practices to contact them toll-free at 1-800-561-8880 or by emailing [email protected] .
Additional Resources from DPL
- 2/28/2024 - DPL Wins Prestigious ATMIA Peter Kulik Innovation Award for Hercules AI at ATMIA 2024
- 2/23/2024 - DPL Wins Prestigious ATMIA Peter Kulik Innovation Award for Hercules AI at ATMIA 2024
- 7/12/2023 - Decoding Cellular Network Signals: Your Guide to Better Connectivity
- 5/30/2023 - Benefits of Using Cellular Routers for Kiosks
- 5/30/2023 - 5 Things to Consider When Choosing the Best Cellular Router for Kiosks
- Show All DPL Press Releases / Blog Posts
Email
Social Media
Bookmark ATMIA.com
RSS