Rob Leiponis of Parabit speaks to Security Buyer’s Chris Beck about current trends in ATM security and how they will change in the coming years.
Written by:
Chris Beck
securitybuyer.com
[Chris Beck] Tell us about Parabit’s ATM solutions
[Rob Leiponis] I founded Parabit Systems 19 years ago with the mission of providing security and self-service solutions, as these solutions have and continue to be perpetually growing industries. We started as an ATM security product/integrator organisation and quickly grew into a manufacturer of ATM Security and Self Service enhancement products. The world is not getting any safer and people are always looking to automate even the simplest processes within their lives. That’s the essence of Parabit. We provide many solutions to the Financial, Health Care, Education, Government and Transportation industries. Parabit designs niche products and solutions that address unique applications that service these markets. Being a small company, where every product is designed and manufactured in-house, we are able to adapt very quickly to the needs of our clients. Within the US, where we have our largest footprint, we supply solutions to 25 of the largest 50 financial institutions.
Since our inception, we’ve shipped our ATM security and self-service products all over the world, and within recent years have positioned ourselves to grow our business significantly in European community. In October, Parabit exhibited for a 2nd year at the ATM Security Conference in the UK, where we encountered a very warm reception to our ATM Security solution suite.
[CB] What are the main security threats around ATMs, and how have they changed in recent years?
[RL] It differs depending on the market. Within the European market there are many gas attacks and physical break-ins into ATM machines, whereas in the US we see more cyber attacks and skimming. That’s not to say that skimming is more of a problem in the US than Europe per se, but skimming is the most common type of attack we experience in the US. Thieves place hidden cameras on an ATM fascia or an overlay over the ATM keypad to record PIN data. Over the past several years, we have seen attacks increase on the ATM lobby vestibule card reader as well, where a skimming device is placed over the ATM Lobby Card Access Control System to skim the magnetic stripe information. Or, the thieves can place a counterfeit card reader on the door frame to capture customer data. Skimming attacks have appeared on many areas of the ATM as well as the ATM Lobby card entry access system.
"Within the European market there are many gas attacks and physical break-ins into ATM machines, whereas in the US we see more cyber attacks and skimming."
[CB] How have Parabit’s products had to adapt to dealing with these changing threats?
[RL] We offer a suite of products to help the customer feel more secure within the ATM environment. Our solutions have evolved from our first “ACS-1” ATM card entry access control system –a simple card reader to grant access to ATM lobbies, which became an industry standard. Within a few years’ time, the ACS-1 evolved into the “ACS-2,” a card entry access control solution that only allowed ATM, Credit and Debit cards into the lobby, as well as providing remote facilities management features. Then, once skimming became rampant on ATMs, we’d designed skimming detection within our Card Reader.
We accomplished this design integration about four years ago creating our patented SkimGard™ technology, specifically designed for magnetic card readers installed within an outdoor environment. Our latest ACS-1E solution will soon support our soon-to-be released Multi-Media Card Reader (MMR) Contactless EMV / NFC / Magnetic Stripe Reader w/ SkimGard™ technology, which will be an easy upgrade on to our ACS-1E card entry access control systems. Here in the US, state and federal agencies promote our SkimGard™ product to banks upon their investigation of a skimming attack on an ATM card entry access control system.
We’ve been very successful with the product, as we’ve managed to evolve it from a simple card entry product to a sophisticated access control / facilities management / skimming detection tool with the collaboration of clients like Bank of America, Capital Once, Citizens Bank, HSBC, JPMorgan Chase, PNC, TD Bank, US Bank, Wells Fargo, and others.
With our ACS-1E and SkimGard™ solution, these financial institutions can now effectively manage their ATM Lobbies – with remote; system diagnostics, data analysis, system status messages, control of open times of the Branch/ATM lobby doors and so much more. The ACS-1E also supports the configuration of “mantrap” environments, where only one person is allowed into the vestibule at any time.
There are many features of our ACS-1E system that permit our clients to manage Lobby Access and Security.
As the banking industry migrates towards branchless banking by investing into more self-service technology to offer their consumers (such as sophisticated ATM’s, Kiosks and Remote Teller Systems), they will want to ensure their investments security with our ACS-1E, as well as our suite of other ATM Security enhancement solutions.
Over the past few years in the US, we’ve seen about 500 new branch builds where the bank installs more self-service technology. Also, more banks are moving back to ATM lobby environments during branch renovations where they didn’t have an ATM lobby before. This correlates to a reduction in size of the average bank branch down to around 1,500 – 2,000 square feet. In these situations, the reliance is on self-service technology, so our ACS-1E product is the optimal security solution.
[CB] Will there continue to be a need for cash, and as a result ATMs, as payment methods turn more towards NFC and contactless payment?
[RL] Cash isn’t going away just yet. There are many articles on this issue indicating people are essentially living under the government’s radar and tax free – they’re working in a low paying job and are employed “off the books.” Once the various governments around the world manage to track individuals who are living week-to-week on just cash, then the need for ATMs may go away. However, I’ve read several articles over the last few years that indicate cash isn’t going away any time soon.
[CB] Is there much legislation surrounding ATM security?
[RL] Currently 26 States in the US have ATM-specific regulations and these laws are being adapted by other states each year. Many of the laws are geared towards the requirement of maintaining safety notices and mirrors on the ATM, and maintaining a minimum level of lighting (foot candle illumination) within and around the ATM Lobby and around the branch and the installation of cameras inside and around the ATM.
Illinois, New Jersey and New York are the only states that require a financial institution to have a card access control system to enter an ATM Lobby right now. Laws which require a specified minimum amount of illumination at an ATM are designed to stop customers from compromising themselves by walking into a low lit or dark ATM environment. On an average night, about a dozen people are robbed at an ATM because of poor lighting. The customer walks into a darkened lobby only to encounter a thief, and are forced to withdraw their maximum limit. Our LS-1 Light Sensor ties into our ACS-1E system or existing alarm systems to notify the banks alarm monitoring system that a low or no light condition exists. The current inconsistencies across the board in ATM safety laws in the US -- in my opinion -- don’t provide for much protection of the consumer right now. There is a great disparity between the amount of security dollars spent to protect customers within a branch, versus protecting customers using ATM’s and other self-service technology within an unattended 24/7 environment.
"There is a great disparity between the amount of security dollars spent to protect customers within a branch, versus protecting customers using ATM’s and other self-service technology within an unattended 24/7 environment."
[CB] How do you think the threats to ATMs will change in the future?
[RL] As long as there are ATMs and until anti-skimming systems have been installed on every ATM, Gas Pump, and every self-service card reader that is associated with a financial transaction, we will continue seeing skimming attacks.
While at the ATM Security Conference, I learned that some banks have removed the card reader from the vestibule door to reduce the risk of skimming the ATM Lobby card reader. Unfortunately, if you remove the card reader but don’t remove the door, what’s to stop a thief from attaching a Skimmer with a piezo buzzer right on the vestibule door frame? This fake card reader will look and sound like a real ATM Lobby card entry reader to the customer, who then gets their PIN stolen from a PIN capture device installed on or around the ATM fascia.
My recommendation to any bank that has ATMs in a lobby and has removed their entry card access system, is remove the door to eliminate the chance of a Skimming fake card reader from being installed -- or install SkimGard™ with our ACS-1E system.
Gas attacks and ram attacks are still common, especially in the EU. In the US, those types of attacks are usually on ATM’s that are in remote locations like supermarkets and convenience stores. Banks are well defended with some rugged solutions – one of which, is produced by a UK based company Lok-Tec; they produce gas and ram attack solutions for ATM’s.
In summary, as banks are transforming themselves towards smaller branches -- and as consumers are migrating towards more self-service technology and mobile banking apps -- branch banking most likely will never truly reduce its footprint because of their branding. As technology evolves, more will be deployed to service and meet bank customer self-service and mobile needs. In the US, we are not seeing traditional vestibules dying out, as they have in the UK. ATM Lobbies are making a strong comeback in order to house and protect 24-hour access to the latest technology banks are installing in the 24/7 Lobby. As banks evolve with automation within a 24/7 environment, our solutions are an excellent complement.
"As long as there are ATMs and until anti-skimming systems have been installed on every ATM, Gas Pump, and every self-service card reader that is associated with a financial transaction, we will continue seeing skimming attacks."