I’m sure that most of the people know what Automated Teller Machine (ATM) is and what is used in our daily life. Just for a reminder for those are not familiar with ATM, so Automated teller machine (ATM) is an electronic banking outlet where it will provide customer’s assist in terms of completing the transaction without the help from bank’s branch representative.

Any Security Consultant that works in any banking industry might be tested and identify on unknown and known vulnerabilities that can be found at software and hardware that also included communication protocol that resides within the ATM Environment.

The attack that can be look into are listed as follows:

The most of finding that be found by Security Consultant when running security assessment on ATM such as follows:

  • Authentication on weak user for the ATM
  • Security flaws on BIOS System
  • Vulnerabilities that can be found in the network (e.g: lack of encryption) and software (outdated patch and unauthorized access)
  • Data leak breach

Source: ATM Attack Vectors and Defenses

Source: What is PCI DSS? | A Brief Summary of the Standard

Security Consultant will follow the guidelines of Open Web Application Security Project (OWASP) testing, Payment Card Industry Data Security Standards (PCI DSS) and Payment Card Industry PIN Transaction Standards ATM (PCI PTS).