ATM Industry Association highlights reverse-engineering and targeting of ATM software as the new fraud frontier
Reverse engineering of ATM cash dispenser software will be highlighted as a rising threat at the ATM Security 2011 event this week.
The conference, staged by the ATM Industry Association (Atmia), will cover a range of cash dispenser crimes and how to prevent them. Issues ranging from the low-tech, including using art and design to improve ATM security, to how high-tech crime, such as logical fraud – which encompasses cybercrime, malware and hacking – poses an ever-increasing threat to the security of ATM networks.
High-tech gangs pose new risk
Atmia, which will be publishing its Best Practice Manual on 20 October, recognises that targeting ATM software is a new frontier of fraud, and reverse engineering (RE) by criminal gangs is one of the most dangerous threats facing the industry.
Through its ATM Security Forum, the association aims to encourage the use of security best practices for ATM software worldwide, especially focused on Windows XP platforms for ATMs. Completed Best Practices for ATM Software Governance in order to secure and harden the ATM node and system, continuing to monitor PCI ATM and evolving software threats.
According to Julia Titova, business development director of StarForce Technologies, RE enables criminals to gain access to individual bank accounts and to banking software systems, giving rise to the threat of widespread theft and fraud.
“Unprotected applications can be easily reversed-engineered by even an intermediate level hacker. Once the RE process is complete, the hacker understands how an application works and is able to bring new functionality or use the application for his own needs.”
The greatest risk, she adds, is that such penetration is not easily detected, since operations continue to function normally, and the fraudster can launch the malware mechanism at any time.