ATM Security | Solidcore says ATM hacks prove traditional security controls are no longer effective | ATM Marketplace

Solidcore says ATM hacks prove traditional security controls are no longer effective

CUPERTINO, Calif. — Solidcore Systems Inc., a provider of technology to protect critical IT infrastructure from devices to the data center, says its patented runtime control software is the only proven solution to preserve system integrity and prevent malware on ATMs, point of sale systems, and physical and virtual enterprise IT systems.

Solidcore says recently publicized ATM hacks, such as the malware that infected some of Diebold's ATMs, proves that traditional security software has become obsolete for stopping today's more advanced threats.

To date, security for ATMs and other self-service devices has focused on physical controls to mitigate access and device tampering. But the widespread adoption of general purpose operating systems and added-value applications to enhance self-service banking is jeopardizing the control needed to keep these critical systems secure, Solidcore says.

This increased functionality and convenience has made it easier to obtain intimate knowledge of these devices, and ultimately open up ATMs to vulnerabilities and configuration changes that can be exploited.

ATMs have been targeted with a sophisticated piece of malicious code (malware) that takes advantage of the ATM's "service" or "maintenance" mode to turn off traditional security tools such as antivirus and encryption. According to a news release, Solidcore's patented runtime control software would have prevented this type of attack by first preventing the trojan from running on the system, and then by denying unauthorized changes to the system that ultimately created the vulnerable state where customer PIN and encoded account information became easily accessible for compromise.

Solidcore's endpoint security prevents unauthorized changes and allows device manufacturers and enterprise IT organizations to enforce established software change policies. Solidcore provides the flexibility to allow multiparty authorized updaters and keeps a detailed log of all changed items. For security reasons, ATMs are hard to access through a centralized network and many need on-site support.

Solidcore allows for certified and authorized updates to be easily created and distributed to personnel servicing these devices and limiting scope to only the changes authorized within the update. Even if the technician has "Admin" login privileges, no additional alterations will be accepted, ensuring the sustained integrity of the system.

Solidcore's patented runtime control technology is providing security and PCI compliance for more than 100,000 devices throughout the world, and is the chosen protection solution for many of the world's leading device manufacturers. More than 100 leading banks across Europe, North America and China have already deployed Solidcore to secure their critical endpoints and are beginning to extend the Solidcore solution from the ATM to the enterprise IT infrastructure.




Reblog this post [with Zemanta]

Posted by John B. Frank Friday, March 27, 2009

0 comments

Payments Industry News Blog

Search the PIN Debit Blog by Subject

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers