ATM Security - A Case Study of a Logical Risk Assessment (Best Paper Award)

Johannes Bräuer; Bernadette Gmeiner; Johannes Sametinger

ATM Security - A Case Study of a Logical Risk Assessment (Best Paper Award)

Johannes Bräuer, Bernadette Gmeiner, Johannes Sametinger

Institute of Business Informatics - Software Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

Abstract

Automated Teller Machines (ATMs) contain considerable amounts of cash and process sensitive customer data to perform cash transactions and banking operations. In the past, criminals mainly focused on physical attacks to gain access to cash inside an ATM’s safe. They captured customer data on the magnetic strip of an ATM card with skimming devices during insertion of the card. These days, criminals increasingly use logical attacks to manipulate an ATM’s software in order to withdraw cash or to capture customer data. To understand the risks that arise from such logical attacks, we have conducted a risk assessment of an ATM platform that is running in a real banking environment. The result of this assessment has revealed the main issues that are responsible for vulnerabilities of an ATM platform. In this paper, we discuss the findings of our risk assessment as well as countermeasures to mitigate serious risks in order to ensure a secure banking environment. The risk assessment has revealed effective countermeasures and has additionally provided a prioritization of activities for ATM manufacturers.

Original language	English
Title of host publication	Proceedings of the Tenth International Conference on Software Engineering Advances (ICSEA 2015), Barcelona, Spain, November 15-20, 2015.
Editors	ThinkMind
Publisher	IARIA
Pages	355-362
Number of pages	8
ISBN (Print)	978-1-61208-438-1
Publication status	Published - Nov 2015

Fields of science

202005 Computer architecture
202017 Embedded systems
102 Computer Sciences
102002 Augmented reality
102006 Computer supported cooperative work (CSCW)
102015 Information systems
102020 Medical informatics
102022 Software development
102027 Web engineering
201305 Traffic engineering
202022 Information technology
207409 Navigation systems
502032 Quality management
502050 Business informatics

JKU Focus areas

Computation in Informatics and Mathematics
Management and Innovation

Cite this

@inproceedings{5fcd8135964d4322afe3e7a0e9be12d4,

title = "ATM Security - A Case Study of a Logical Risk Assessment (Best Paper Award)",

abstract = "Automated Teller Machines (ATMs) contain considerable amounts of cash and process sensitive customer data to perform cash transactions and banking operations. In the past, criminals mainly focused on physical attacks to gain access to cash inside an ATM{\textquoteright}s safe. They captured customer data on the magnetic strip of an ATM card with skimming devices during insertion of the card. These days, criminals increasingly use logical attacks to manipulate an ATM{\textquoteright}s software in order to withdraw cash or to capture customer data. To understand the risks that arise from such logical attacks, we have conducted a risk assessment of an ATM platform that is running in a real banking environment. The result of this assessment has revealed the main issues that are responsible for vulnerabilities of an ATM platform. In this paper, we discuss the findings of our risk assessment as well as countermeasures to mitigate serious risks in order to ensure a secure banking environment. The risk assessment has revealed effective countermeasures and has additionally provided a prioritization of activities for ATM manufacturers.",

author = "Johannes Br{\"a}uer and Bernadette Gmeiner and Johannes Sametinger",

year = "2015",

month = nov,

language = "English",

isbn = "978-1-61208-438-1",

pages = "355--362",

editor = "ThinkMind",

booktitle = "Proceedings of the Tenth International Conference on Software Engineering Advances (ICSEA 2015), Barcelona, Spain, November 15-20, 2015.",

publisher = "IARIA",

}

ATM Security - A Case Study of a Logical Risk Assessment (Best Paper Award). / Bräuer, Johannes; Gmeiner, Bernadette; Sametinger, Johannes.
Proceedings of the Tenth International Conference on Software Engineering Advances (ICSEA 2015), Barcelona, Spain, November 15-20, 2015.. ed. / ThinkMind. IARIA, 2015. p. 355-362.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

TY - GEN

T1 - ATM Security - A Case Study of a Logical Risk Assessment (Best Paper Award)

AU - Bräuer, Johannes

AU - Gmeiner, Bernadette

AU - Sametinger, Johannes

PY - 2015/11

Y1 - 2015/11

N2 - Automated Teller Machines (ATMs) contain considerable amounts of cash and process sensitive customer data to perform cash transactions and banking operations. In the past, criminals mainly focused on physical attacks to gain access to cash inside an ATM’s safe. They captured customer data on the magnetic strip of an ATM card with skimming devices during insertion of the card. These days, criminals increasingly use logical attacks to manipulate an ATM’s software in order to withdraw cash or to capture customer data. To understand the risks that arise from such logical attacks, we have conducted a risk assessment of an ATM platform that is running in a real banking environment. The result of this assessment has revealed the main issues that are responsible for vulnerabilities of an ATM platform. In this paper, we discuss the findings of our risk assessment as well as countermeasures to mitigate serious risks in order to ensure a secure banking environment. The risk assessment has revealed effective countermeasures and has additionally provided a prioritization of activities for ATM manufacturers.

AB - Automated Teller Machines (ATMs) contain considerable amounts of cash and process sensitive customer data to perform cash transactions and banking operations. In the past, criminals mainly focused on physical attacks to gain access to cash inside an ATM’s safe. They captured customer data on the magnetic strip of an ATM card with skimming devices during insertion of the card. These days, criminals increasingly use logical attacks to manipulate an ATM’s software in order to withdraw cash or to capture customer data. To understand the risks that arise from such logical attacks, we have conducted a risk assessment of an ATM platform that is running in a real banking environment. The result of this assessment has revealed the main issues that are responsible for vulnerabilities of an ATM platform. In this paper, we discuss the findings of our risk assessment as well as countermeasures to mitigate serious risks in order to ensure a secure banking environment. The risk assessment has revealed effective countermeasures and has additionally provided a prioritization of activities for ATM manufacturers.

UR - http://www.thinkmind.org/index.php?view=article&articleid=icsea_2015_13_40_10219

M3 - Conference proceedings

SN - 978-1-61208-438-1

SP - 355

EP - 362

BT - Proceedings of the Tenth International Conference on Software Engineering Advances (ICSEA 2015), Barcelona, Spain, November 15-20, 2015.

A2 - ThinkMind, null

PB - IARIA

ER -

ATM Security - A Case Study of a Logical Risk Assessment (Best Paper Award)

Abstract

Fields of science

JKU Focus areas

Other files and links

IT Security

Cite this

ATM Security - A Case Study of a Logical Risk Assessment (Best Paper Award)

Abstract

Fields of science

JKU Focus areas

Other files and links

Projects

IT Security

Cite this