
SECURITY AND CUSTOMER EXPERIENCE IN SELF SERVICE

Date post: 25-Apr-2020

NCR – Confidential - Use and Disclose Solely Pursuant to Company Instructions

A brief history…


Experience = friction + confusion


1. Enter your account number

2. Enter your TPIN


1. Insert your card

2. Enter your PIN


AGAIN…


AGAIN… What to do?


2 Factor Authentication


THE POWER OF PRE-STAGING


Realized the power of prestaging long ago


Check in at home, speed up the transaction at the airport


BIOMETRIC AUTHENTICATION


1. Enter your account number

2. Enter your TPIN

We go from this…


My voice is my password


1. Insert your card

2. Enter your PIN

We go from this…


1. Insert your national ID card

2. Scan your fingerprint


We go from this…


experience becomes happiness


The Growth and Geographic Expansion of Logical Attacks since 2013 Requires URGENT Action

[Chart: total number of attacks over time, Oct-12 to Mar-17, by attack type (Black Box, Online, Offline, Network, Unknown), with data points labelled by country]


Logical Attacks responsible for major losses

• Malaysia: Over $19 million lost

• Germany: Approximately $200K in losses

• Canada: Multiple malware attack attempts made

• Brazil: Lost more in 1 day than in the previous year

• United Kingdom: Potential losses of $300K per ATM affected

• Mexico: Over $12 million in losses in 2013


EMERGING NEW LOGICAL THREATS

Logical Attacks:

• Black Box

• Malware in the Network

• Malware on the ATM


Black Box Attacks

• Criminal gains access to the Top Box of an ATM

• Bypasses the ATM’s core processor and connects an electronic device to the cash dispenser

• Sends unauthorized commands to dispense the cash from the ATM

Encrypted Comms Core to Dispenser

UL 437 Locked Cabinets


Source: http://www.lockwiki.com/index.php/UL_437


Logical Attacks: Malware in the Network


TLS Encryption or VPN (end to end encryption of ATM traffic)


ATTACK CATEGORIES – Malware on the ATM

• ATM Hard Disk OFFLINE

• ATM Hard Disk ONLINE


Lock down the BIOS, encrypt the hard disk


Temkin Group Employee Engagement Benchmark Study, 2017


WHITELIST


Security Requirements Summary to Protect against Logical Attacks

15 Recommendations

1. Secure your BIOS
   • Only allow boot from the primary hard disk
   • Editing of BIOS settings must be password protected

2. Establish an adequate operational password policy for all passwords

3. Implement communications encryption
   • e.g. NCR Secure TLS Encrypted Communications

4. Establish a secure firewall
   • The ATM firewall must be configured to only allow known authorized incoming and outgoing connections necessary for an ATM environment; the connections must be configured per program rather than per port

5. Remove unused services and applications
   • Removing these from the system helps reduce the attack surface area

6. Deploy an effective anti-malware mechanism
   • NCR recommends active whitelisting applications, e.g. Solidcore Suite for APTRA

7. Establish a regular patching process for ALL software installed

8. Harden the Operating System, e.g.
   • Ensure the application runs in a locked down account with minimum privileges required
   • Disable Auto play

9. Implement Rule based access control, e.g.
   • Define different accounts for different user privileges
   • Restrict functionality allowed via remote desktop access to ATMs

10. Deploy a network authentication based Hard Disk Encryption Solution
   • NCR Secure Hard Disk Encryption

11. Ensure there are protected communications to the dispenser of the ATM

12. Perform a Penetration Test of your ATM production environment annually

13. Use a secure Remote Software Distribution that will assist in maintaining the Confidentiality, Integrity and Availability of your ATMs
   • Required to meet rule 7 and allows for timely distribution of updated malware signature files if malware is found

14. Consider the physical environment of ATM deployment
   • e.g. Through the Wall ATMs may be more suitable for unattended environments

15. Consult a security enterprise specialist to deploy industry best-practice security controls within your enterprise


http://response.ncr.com/security-alerts


Thank you

