SECURITY AND CUSTOMER EXPERIENCE IN SELF SERVICE
NCR – Confidential - Use and Disclose Solely Pursuant to Company Instructions
A brief history…
NCR Confidential
Experience += friction, confusion
1. Enter your account number
2. Enter your TPIN
1. Insert your card
2. Enter your PIN
AGAIN…
AGAIN… What to do?
2 Factor Authentication
THE POWER OF PRE-STAGING
Realized the power of pre-staging long ago
Check in at home, speed up the transaction at the airport
BIOMETRIC AUTHENTICATION
1. Enter your account number
2. Enter your TPIN
We go from this…
…to this:
My voice is my password
1. Insert your card
2. Enter your PIN
We go from this…
1. Insert your national ID card
2. Scan your fingerprint
We go from this…
Experience becomes happiness
The Growth and Geographic Expansion of Logical Attacks since 2013 Requires URGENT Action
[Chart: total number of logical attacks per month, Oct-12 to Mar-17 (y-axis 0 to 80), broken down by attack type: Black Box, Online, Offline, Network, Unknown. Data points are labelled by country, including Mexico, Germany, Russia, Guatemala, Malaysia, Brazil, Dominican Republic, UK, Canada, Jordan, Oman, Romania, India, Spain, Hungary, Poland, USA, Ukraine, Italy, Estonia, Sweden, Greece, Czech Republic, Thailand, Philippines, Cyprus, Ireland, Peru and Norway.]
Logical Attacks responsible for major losses
• Malaysia: over $19 million lost
• Germany: approximately $200K in losses
• Canada: multiple malware attack attempts made
• Brazil: lost more in 1 day than in the previous year
• United Kingdom: potential losses of $300K per ATM affected
• Mexico: over $12 million in losses in 2013
EMERGING NEW LOGICAL THREATS
Logical Attacks:
• Black Box
• Malware in the Network
• Malware on the ATM
Black Box Attacks
• Criminal gains access to the Top Box of an ATM
• Bypasses the ATM’s core processor and connects an electronic device to the cash dispenser
• Sends unauthorized commands to dispense the cash from the ATM
Countermeasures:
• Encrypted Comms Core to Dispenser
• UL 437 Locked Cabinets
Source: http://www.lockwiki.com/index.php/UL_437
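The "Encrypted Comms Core to Dispenser" countermeasure works because the dispenser stops trusting the cable: it executes only commands that carry a valid MAC under a key it shares with the core and a counter it has not seen before. The following is an added illustrative model of that idea, not NCR's actual core-to-dispenser protocol; the frame layout, the constructed pairing key and the names Core/Dispenser are assumptions.

```python
# Added illustrative example (not NCR's protocol): the dispenser honours a dispense
# command only if its HMAC verifies under the pairing key and its counter is fresh.
import hmac
import hashlib
import struct

# Constructed demo key; a real deployment provisions a per-device secret at pairing time.
PAIRING_KEY = b"constructed-demo-pairing-key-32b"

def _mac(key: bytes, counter: int, amount: int) -> bytes:
    # Frame layout assumed here: 8-byte counter, 4-byte amount, then 32-byte HMAC-SHA256.
    return hmac.new(key, struct.pack(">QI", counter, amount), hashlib.sha256).digest()

class Dispenser:
    """Dispenser firmware side: verify before moving any cash."""
    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0      # anti-replay state: counters must strictly increase
        self.dispensed = 0

    def handle(self, counter: int, amount: int, tag: bytes) -> str:
        # Constant-time compare so the MAC check does not leak timing information.
        if not hmac.compare_digest(_mac(self._key, counter, amount), tag):
            return "REJECT: bad MAC"
        if counter <= self._last_counter:
            return "REJECT: replay"
        self._last_counter = counter
        self.dispensed += amount
        return "DISPENSED"

class Core:
    """ATM core side: the only party besides the dispenser holding the pairing key."""
    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    def build_frame(self, amount: int) -> tuple:
        self._counter += 1
        return (self._counter, amount, _mac(self._key, self._counter, amount))

def demo() -> dict:
    core, disp = Core(PAIRING_KEY), Dispenser(PAIRING_KEY)
    frame = core.build_frame(100)
    legit = disp.handle(*frame)                       # normal transaction from the core
    forged = disp.handle(2, 5000, b"\x00" * 32)       # device on the cable without the key
    replay = disp.handle(*frame)                      # captured legitimate frame sent again
    return {"legit": legit, "forged": forged, "replay": replay, "dispensed": disp.dispensed}
```

The model shows why the cabinet lock and the key provisioning step matter together: the MAC stops a device without the key, and the counter stops replay, but neither helps if the pairing key can be read out of an opened top box.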
Logical Attacks: Malware in the Network
Countermeasure: TLS encryption or VPN (end-to-end encryption of ATM traffic)
Logical Attacks: Malware on the ATM
ATTACK CATEGORIES – Malware on the ATM
• ATM Hard Disk OFFLINE
• ATM Hard Disk ONLINE
Countermeasures: lock down the BIOS, encrypt the hard disk
Temkin Group Employee Engagement Benchmark Study, 2017
WHITELIST
Security Requirements Summary to Protect against Logical Attacks (15 Recommendations)
1. Secure your BIOS
• Only allow boot from the primary hard disk
• Editing of BIOS settings must be password protected
2. Establish an adequate operational password policy for all passwords
3. Implement communications encryption
• e.g. NCR Secure TLS Encrypted Communications
4. Establish a secure firewall
• The ATM firewall must be configured to only allow known authorized incoming and outgoing connections necessary for an ATM environment; the connections must be configured per program rather than per port
5. Remove unused services and applications
• Removing these from the system helps reduce the attack surface area
6. Deploy an effective anti-malware mechanism
• NCR recommends active whitelisting applications, e.g. Solidcore Suite for APTRA
7. Establish a regular patching process for ALL software installed
8. Harden the Operating System, e.g.
• Ensure the application runs in a locked down account with the minimum privileges required
• Disable AutoPlay
9. Implement rule-based access control, e.g.
• Define different accounts for different user privileges
• Restrict functionality allowed via remote desktop access to ATMs
10. Deploy a network authentication based Hard Disk Encryption Solution
• NCR Secure Hard Disk Encryption
11. Ensure there are protected communications to the dispenser of the ATM
12. Perform a Penetration Test of your ATM production environment annually
13. Use a secure Remote Software Distribution that will assist in maintaining the Confidentiality, Integrity and Availability of your ATMs
• Required to meet rule 7 and allows for timely distribution of updated malware signature files if malware is found
14. Consider the physical environment of ATM deployment
• e.g. Through the Wall ATMs may be more suitable for unattended environments
15. Consult a security enterprise specialist to deploy industry best-practice security controls within your enterprise
http://response.ncr.com/security-alerts
Thank you