Q&A: ATM Remote Key Loading
Q: With the rise of mobile banking, are ATMs still widely used for cash withdrawals?
According to the Federal Reserve, automated teller machines (ATMs) are the second most commonly used method of interacting with financial institutions, surpassed only by visiting the bank teller in person, as notated in the graph below. Despite recent growth in usage of mobile banking methods, ATMs are still widely relied upon for cash withdrawals. As another indicator of the rapid growth and usage of ATMs for cash withdrawals, projections expect that the number of installed ATMs will surpass 4 million by 2020 (RBR).
Q: What protection measures can be deployed to prevent attackers from accessing ATMs?
This increasing number of ATMs necessitate both physical and logical protection, as outlined below:
Physical protection is required to secure the ATM against forced entry, physical cash theft, or the theft of the entire machine. Preventative physical measures can include:
— Access control
— Physical locks
— Tamper detection
— Built-in GPS machine location
— Dye packets
Logical protection is mandatory to ensure customer’s PIN details are encrypted upon entry, so that attackers are unable to obtain consumer information. Logical protection measures can include:
— Hardware-based encryption
— Access control
— Tracking and monitoring
Q: How do ATMs keep consumer information confidential?
Each ATM has an Encrypting PIN Pad (EPP) that allows customer PINs to be instantaneously protected upon entry. To ensure secure communication among the ATM and the host bank, the encrypted information is sent to a hardware security module (HSM) for verification. The HSM verifies if the PIN is correct, and sends a PIN validation confirmation if it is. By encrypting information every step of the way, from PIN entry to PIN validation, consumer information is kept confidential.
Q: What are ATM keys?
ATM keys are the keys used to encrypt customer data from the ATM’s EPP. They must be changed frequently, using a process referred to as key rotation, to ensure security.
Prior to remote key loading, the process of rotating keys would require enough manpower to have the key holders visit each ATM’s physical location. This proved to be too costly for those managing expansive networks of ATMs and their keys.
Q: What are the top 3 benefits of remotely loading ATM keys?
Since every organization places different value on the many benefits provided by ATM Remote Key Loading, we’ve outlined a few universally beneficial qualities below.
Ensure security: Visiting each ATM’s physical location to manually rotate keys prevents organizations from having shorter key rotation cycles. With longer key rotation cycles, the overall system security is reduced. With ATM Remote Key Loading, shorter key rotation cycles are supported and changing an entire network of ATM key components requires minimal effort, leaving no gap between the detection of compromised key component(s) and the issuance of new key components.
Save time and resources: Managing the physical trips to each ATM’s location is costly. Futurex’s ATM Remote Key Loading Technology deploys an RKMS Series to immediately rotate keys using an intuitive GUI and API. The flexibility to rotate keys from virtually anywhere, combined with the speedy process of training and implementing key rotation allocates more time and resources for organizations to utilize elsewhere.
Simplify compliance and audits: The impressive logging capabilities of the RKMS Series make audits painless. Futurex devices, such as the RKMS Series, exercise robust security measures to protect ATM keys within a FIPS 140-2 Level 3 Secure Cryptographic Device (SCD).