Securing Your ATM Systems Series
Part 1: Cummins Allison Advises to Start at the Top with ATM Security
September 20, 2016, Mt. Prospect, IL – For financial institutions (FIs), security threats are everywhere. From brute force physical attacks such as “smash and grabs” to sophisticated cyber malware, FIs are forced to protect ATMs against a broad range of threats.
In part one of this three-part news brief series, Cummins Allison, the leading innovator and provider of check, currency and coin handling solutions, as well as ATMs, outlines the role that an FI’s executive team has when it comes to ATM security.
ATM Security Breaches on the Rise
Recent figures from FICO indicate that the number of U.S. ATMs compromised by criminals rose a whopping 546 percent from 2014 to 2015. The general consensus is that this surge is due to criminals working to get in before the EMV migration in the U.S. reaches critical mass to reduce skimming. However, even after EMV technology is completely in place, one thing is certain: as long as there is cash stored in an ATM, there are people who will attempt to steal it. Given enough time, the right tools and determination, any ATM can be breached.
Boosting ATM Security Starts at the Top
What impacts will your FI suffer if your ATM is compromised? Perhaps the biggest blow, and most difficult to repair, will be to your reputation. Fortunately, there are proven steps FIs can take to increase ATM security posture, and starting with the C-Suite is the first step.
Start at the top with the board of directors and the c-suite. Given the scope of the potential impacts of an ATM security breach, security needs to be an explicit part of an FI’s enterprise risk management strategy. And for FIs, involving your C-Suite and board of the directors is an important step in the risk management process.
Help your executive team understand your ATM risk profile. The impact of ATM security on your institution’s overall risk profile needs to be clearly understood by your board and management. Make sure senior executives have the information and resources they need to properly understand the scope of the ATM security needs and what it will take to address them.
Executives don’t want to get into the technical details of what a specific threat does, but they need to be able to quantify what the risk is. This will help them better understand the level of funding that will allow the FI’s operational teams to properly craft a security policy that will help address threats. Such threats include card skimming, card trapping and “smash and grab” physical attacks in which the perpetrators try to steal the entire machine.
Get to know the proper tools and guidelines. The Federal Financial Institutions Examination Council’s tool and guidelines include a number of recommendations for FI boards, even for those institutions determined to be at the lowest assessed risk level. Among them are:
Discuss ATM risks at board meetings; this will help to better understand the scope and depth of the problem and keep a focus on ATM security.
Consider information on security-related expenses and tools in the annual budgeting process.
Complete a formal risk assessment.
Conduct regular, not less than annual, employee training.
Just one ATM security breach or theft of customer data can cause widespread damage to your reputation. To learn more about how to assess your current and future ATM security requirements, visit www.cumminsallison.com/atm.
About Cummins Allison
Cummins Allison is the leading innovator and provider of check, currency and coin handling solutions, as well as full-function ATMs. Our world-class sales and service network includes hundreds of local representatives in more than 50 offices in North America, 6 wholly-owned subsidiaries and is represented in more than 70 countries around the world. For more information about our award-winning solutions, visit www.cumminsallison.com.