Positive Technologies

ATM Security Assessments

Uncover Your Weaknesses

About Service

ATMs have long been a physical target for criminals who take a "smash and grab" approach. However, with the growing sophistication of organized crime, self-service cash machines are increasingly becoming the targets of high-tech fraud. Malware—such as Trojan.Skimmer, which steals card and PIN data, and Ploutus, which can be used to trigger cash withdrawals via text messages—is becoming a significant threat to financial institutions.

To protect your ATM network from fraud, the banking security experts at Positive Technologies have developed a series of hands-on vulnerability assessments that look at the entire ATM environment. We can identify software, hardware, and communication protocol vulnerabilities that are exploited by the likes of Trojan.Skimmer and Ploutus attacks, so you can block unauthorized cash withdrawals and protect payment card data. In addition, we can develop custom tools to demonstrate the likelihood and business impact of attacks related to the vulnerabilities we find.

Uncover Your Weaknesses

Our detailed security audits will identify the most critical vulnerabilities that need your immediate attention and make practical recommendations for changes at the organizational and systems level. In our experience, the most common vulnerabilities include:

  • Weak user authentication and access control
  • Vulnerabilities in network communications, for example, lack of encryption in communication between the ATM and the processing center that would allow attackers to create a fake processing center and use it to withdraw cash or intercept track-two data
  • Vulnerabilities in software and ATM-specific network services, including flaws that allow hackers to exit kiosk mode and obtain unauthorized access to the operating system within the ATM
  • Weaknesses in security software that might allow an attacker to bypass security controls
  • BIOS security flaws
  • Inadequate security within the ATM’s component devices (PIN pad, dispenser unit, card reader, etc.), including vulnerabilities in communications via XFS that might give an attacker unauthorized access to any of these devices
  • Other security flaws leading to unauthorized cash withdrawal or payment card data leakage

Measuring Up to Industry Standards

Our security assessment methodologies take into account a wide range of internationally recognized information security standards and regulations, such as:

  • Payment Card Industry Data Security Standard (PCI DSS) and PIN Transaction Standards (PCI PTS) ATM Security Guidelines
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Web Application Security Consortium (WASC) Threat Classification
  • Open Web Application Security Project (OWASP) Testing Guide

Comprehensive ATM Security

Positive Technologies has been helping leading banks to secure their networks for over a decade. We know that performing an across-the-board assessment of ATM security requires more than a simple checklist. That’s why our researchers take an in-depth approach by analyzing:

  • General system information
  • Main system components
  • Hardware and software versions
  • Network communications
  • Data transfer protocols

After collecting this configuration information, our expert team performs detailed research on ATM security levels, including:

  • Identifying vulnerabilities in communications between the ATM and processing center
  • Finding ATM vulnerabilities, including zero-day vulnerabilities in both software and hardware
  • Developing custom exploitation tools that will verify these vulnerabilities and demonstrate the potential impact on your business operations, customer accounts, and customer data

Testing Prerequisites

In order to carry out analysis, we require access to:

  • An ATM cabinet in your test environment that is connected to your processing center
  • The ATM’s system unit and sample credentials for all ATM user roles
  • Virtual machines, ISO images of the OS, and/or copies of the software installed on all ATMs

Although some assessments may be conducted remotely via VPN, we may need to return to your test environment to verify and demonstrate the vulnerabilities we find.

Positive Technologies
Copyright © 2002—2023 Positive Technologies. All Rights Reserved.