This blog post was written by Teresa Wingfield.
Given retail banking customer’s non-ending appetite for greater ATM self-service functionality at ever-increasing locations, it’s not surprising that banks are having trouble delivering rigorous security. According to a recent Forrester Consulting study commissioned by Diebold , financial institutions lack confidence in their current ATM security. Even though 21 to 30% of all their in-house security efforts are devoted to ATMs, technology and resource issues create challenges for keeping up with frequently changing ATM security needs and compliance requirements. Forrester goes on to say that financial institutions consider partners for support, but are concerned about handing over control.
What is McAfee Integrity Control?
McAfee Integrity Control provides security for fixed-function devices such as ATMs to help address many of the concerns raised by Forrester. It combines whitelisting and change control to block unauthorized applications and change.
Whitelisting is a simple, yet effective solution. A whitelist is a list of trusted applications that are allowed to execute. So, when an unknown threat tries to run, it can’t because it’s not in the whitelist.
Change control consists of file integrity monitoring and change prevention, important ways to identify and stop security risks. Integrity monitoring provides real-time visibility of change events and sends alerts when there are critical and unauthorized changes. Change prevention provides the ability to enforce making only authorized changes and performing them within the pre-set boundaries as defined by corporate policy.
Why McAfee Integrity Control for ATMs?
Let’s take a look at some specific examples of how McAfee Integrity Control can help retail banks tackle some of their toughest ATM security challenges.
- Simplifying Security Implementation — Thieves can use malware to drain an ATM’s cash or steal account numbers and PINs. However, malware protection for a network of ATMs can be difficult to implement since it uses virus signatures. You have to ensure .DAT files containing signatures are distributed and kept up-to-date. McAfee Integrity Control, on the other hand, locks down ATMs without requiring signatures. This is a more efficient approach that prevents unauthorized software such as malware to run.
- Keeping ATMs Up-to-Date — Banks need to safely make volumes of ATM software updates without the need to visit each ATM for every update. McAfee Integrity Control makes it possible to implement and automate a change management process for ATMs without human intervention using trusted updaters that are approved sources of change.
- Solving the Remote ATM Service Challenge — McAfee Integrity Control allows for certified and authorized updates to be easily created and distributed to personnel servicing ATMs and limiting scope to only the changes authorized time maintenance window. Even if the technician has “Admin” login privileges, McAfee Integrity Control will not allow additional alterations to the ATM.
- Improving ATM Security Compliance —Change Audit, a key feature of McAfee Integrity Control, supports accountability and audits by identifying the time and source of changes, files that were changed, and the user logged in to the system when changes were made. Having this level of control for ATMs delivers end-to-end continuous compliance by both knowing and stopping unauthorized and unwanted changes.
- Meeting the Needs of Fixed-Function Devices — An ATM is a fixed-function device, meaning it has a fixed CPU and memory. McAfee Integrity Control delivers minimal impact on the performance of fixed-function devices with its low memory and CPU usage and with no file scanning requirements.
Click here to learn more about how McAfee Integrity Control can help you deliver stronger security and compliance for your ATMs using less resources.
 Forrester Research on ATM Security: How Prepared Are You?, March 16, 2016 http://blog.dieboldnixdorf.com/forrester-research-on-atm-security-pt1/#.V_Kd8u_rtaQ