Search
Filters
RSS

Blog posts tagged with 'upgrade'

End of Windows XP support - What's next?

Last week marked the end of support for Windows XP, though it does not mean the licenses have expired. However, the important thing to remember is the risk in lack of security patches that come with ignoring the update.

The April 8th deadline has come and gone, but how much of an effect has it had on the industry? Honestly, close to none at all, or at least not yet.  Bank ATMs are established on a private network with no internet access. Firewalls keep the ATMs communication through a designated server with anti-virus software and white-listening to ensure no other software can run parallel. There can be however, two general problems that can occur now that the deadline has passed:

The first issue is compliance; PCI regulations and bank rules require that bank ATMs are not to run unsupported software, which could lead to a loss of PCI certification. Most banks in the West have started to meet the requirements almost a year ago, while the rest have put together a transition plan that allows them enough time to migrate to Windows 7. During this time however, Asian banks have generally ignored the deadline, treating it like a modern day Y2K.

The second risk is what those in Asia may come to experience. Unsupported ATMS face something called "zero-day" vulnerabilities. These vulnerabilities are security threats that Microsoft has no way of knowing will even exist or how they will operate. What they do know is that somewhere out there a hacker will be prepared armed. Today there is a much larger battle going on between security protections and malware, which was not the case during Y2K. So it is merely a matter of time until these zero-day vulnerabilities are exploited.

Microsoft has however, set a cost for limited support or a "customers service agreement" that lasts up to 2 years from the April 8, 2014 deadline. The CSA will allow security patches to be made available, assuming the right XP license was purchased for your ATM. With the CSA, you essentially buy yourself a 2 year grace period to get your machine upgraded to Windows 7, or Windows 8 if you want to get ahead of the game.

The delay in the Windows 7  migration can be directed to both the manufacturers for "guarding" a low driver layer called XFS SPs (which there is no open market for) and the banks for not demanding that these drivers be made available in time. The XP to W7 upgrade could have run smoothly had the transition started four years ago, with a properly implemented hardware replacement cycle.

So when does the support for Windows 7 expire? 2020, leaving us with just 6 years until the next disaster meets the industry, unless we can get it right in the mean time.

Source - ATMMarketplace

EMV in the US

As we ponder this question, consider the most recent ATM theft in which organized thieves drained more than $45 million dollars from ATMs worldwide in mere hours. By accessing bank databases, cyber-thieves were able to eliminate maximum withdrawal limits on individual accounts, load customer data onto any plastic card with a magnetic stripe (a hotel room key would suffice) and use them to withdraw millions of dollars in cities around the world. Such a scheme isn’t that difficult to accomplish with the magnetic stripe technology we use today.      

The good news is that EMV is coming soon to an ATM near you. But “soon”
 is a subjective term. Most industry experts agree the primary driver for EMV migration in the U.S. will come from issuers, as they’re the ones tasked with replacing more than a billion mag-stripe credit and debit cards. This won’t be a singular event – but rather an ongoing process, where expired cards will be gradually replaced with EMV chip card technology. The shift will be subtle, and the card-holder may not even be aware of the change.

 

Before issuers can start providing customers with EMV smart-cards, they need a plan for accepting them at terminals. The first step towards accepting EMV smart-cards at the ATM is typically an assignment of liability:

• MasterCard is the first in the U.S. to publicly declare that if fraud occurs on a transaction initiated through an EMV card on a MasterCard, Cirrus or Maestro network, then the ATM owner will be liable for that fraud if the ATM was not properly equipped to support EMV technology. Visa has also announced dates for liability shifts, and other issuers in the U.S. will soon follow suit.

• In Canada, Visa was first to shift the liability to ATM owners. Within two years, all cards from Interact members (Royal Bank of Canada, CIBC, Scotiabank, Toronto-Dominion Bank, and the Desjardins Group of Credit Unions) featured EMV chip-cards.

While the October 2016 deadline for compliance in the U.S. moves closer, the message is clear: It’s time to get ready for EMV. This shift, which can take up to a year to complete, involves hardware, software and professional services to ensure compatibility on the back end.

-ATMTrader

 

EMV

Over the last year I’ve been getting g a lot of questions regarding EMV. What it is, why there's a need to upgrade again, who should absorb the cost of the EMV upgrades and why are there so many fires in California?  The answer is of course,  security and the Santa Anita winds. 

EMV (Europay, MasterCard and Visa) is an international standard on integrated circuit cards or “chip” cards as well as point of sale (POS) and automated teller machines for authorizing electronically transferred funds (EFT). 

Must I Upgrade?

The hard pill to swallow, never mind the fact that we’re still in the wake of ADA, is knowing that there is no choice in the matter when it comes to the EMV migration. Facing the liability shift consequences is the alternative to not complying with EMV, but no ISO or merchant wants to take on the responsibilities that financial institutions are currently fulfilling.  In the last eight years the ATM industry has gone through Triple-DES upgrades, ADA upgrades and now EMV.  But like most companies in the tech industry, upgrades are required to maintain both resiliency and government compliancy. 

The Myth Exists

Canada went through it's EMV transition the first of this year. There was an ISO that had not upgraded a handful of his machines by the January 1st deadline. Once it became common knowldedge the at his machines were not EMV ready a bulls-eye was placed directly over his locations. A group of compromised mag-striped cards were atttained and used on 4 of his machines to withdrawal the equivalent of $90,000. Since the liability had already gone into affect the card issuers were no longer liable for the lost funds, so who paid the $90,000? The ISO who didn't see it worth upgrading his ATMs. IT'S NOT WORTH THE RISK!!

Magnetic Stripe vs. Chip Technology

Currently all cards in the U.S. store data on a magnetic stripe located on the back of every debit, credit and pre-paid cards, a technology that can be routed to the 1960s.  Now with EMV, smart-card technology will feature a chip on the front of the card that stores encrypted data to protect against any form of duplication and fraudulent activity. This type of technology will also allow for more contactless “tap n’ go” transactions to follow in later years. 

Measurable result driven upgrade = 80% fraud decline

The overall goal of EMV is to reduce the risk of counterfeiting and fraudulent activity while standardizing payment activity throughout the globe.  In a study done by the Aite Group, they estimated that 8.6 billion is lost to fraud in the U.S. each year, while the U.S. secret service found that more than $1 billion was directly related to ATMs.  Europe has recorded an unprecedented decline in ATM related fraudulent activities mostly attributed to this upgrade.

In regions throughout the world that have adopted EMV, ATM fraud has dropped dramatically, as much as 80%.  The facts are solid, EMV is much more secure than the current magnetic strip and the necessity of EMV is imperative to protect people from fraud, and the United States is next in line to suit up and join the international players.

Some EMV benefits

To name a few: A massive reduction in card fraud, ability to use cards anywhere in the world and it takes the industry one stop closer to contactless and mobile payment solutions.

By the end of 2010 close to 1.25 billion EMV “chip and pin” cards were in use worldwide playing a huge part in Europe where half way through 2006 a 62 Million Euros loss was reported due to ATM fraudulent activities, then to 23 Million Euros at the end of 2010, a reduction of 63% in just 4 years! 

Yes there are some costs that come with upgrading your terminal, but remember we are in the financial industry, and we deal with customers accounts and livelyhood. So government regulations are coming much more frequent to protect the masses.  We are here to provide a service at a standard that we would expect from our providers.

-ATMTrader