What are you risking with out-of-date ATM software?

Published December 03, 2020

Thieves behind cyber security attacks are becoming more intelligent every day. The key for financial institutions is to always stay one step ahead, but there’s one area where you might be leaving the door wide open for criminals: out-of-date ATM software. 

One of the most popular forms of cyber-attacks—jackpotting—exploits the software that lets customers access ATM cash. And, the losses can be significant. Ploutus ATM malware has caused losses of more than $450 million around the world alone.  

This puts into perspective the need for financial organizations to ensure their software stack on the ATM is always up to date. It sounds simple, but it’s not always happening. And while it’s a problem that’s not exclusive to the financial industry—around 55 percent of all software is outdated according to Avast--it probably has the most to lose. For the financial industry, the cost and complexity of managing an aging hardware estate is putting FIs and their customers at risk. 

What are the risks of out-of-date software?


Here’s our take on the top five risks you could face when you don’t upgrade your ATM software stack to the most recent versions: 

1. Cyber-attacks

The impact of large cyber-attacks make headlines, but why do they happen? Outdated software means your ATMs are not running the latest security patches and have software that’s not supported or has been replaced by newer versions. This means hackers have had time to work out how to infiltrate its’ flaws. Consider the WannaCry outbreak in 2017, where more than 160 million computers were affected—those who had delayed the upgrade to Windows 7 found themselves particularly vulnerable. 

2. Customer data

Data is a highly profitable commodity to fraudsters, and it’s also your most valuable asset. If your software isn’t updated it’s making it easier for them to exploit flaws and vulnerabilities to infiltrate your consumer’s information. And, the financial penalties for not adequately protecting consumer data can be huge—1&1 Telcom in Germany was fined 9.55 million euros in 2019 for not having the sufficient technical and organizational measures in place to prevent unauthorized access to customer information. 

3. Business continuity

While a cyber-attack may not always impact consumers, it can impact day-to-day running of your FI. In 2017, seven of the UK’s largest banks had to reduce operations or shut down entire systems following an attack. . For consumers, being locked out of accounts for hours, let alone days, means they can’t pay their bills or access their finances, and their own credit rating can be hit potentially causing personal ramifications in the longer term and this can significantly damage the FIs brand and see customer loyalty plummet.

4. ATM availability

Consumers expect to find your ATM readily available when they’re looking to access their cash. Outdated software is much more prone to crash, interfering with ATM availability and causing impacted customers, who are now without a reliable self-service access point to you, to go to someone who does. 

5. Compliance

Without up-to-date software, you’re not compliant. Ensuring that you’re always keeping software current means that you’re meeting regulatory compliance—whether that’s security, local regulations, and PCI (although keeping current software doesn’t make you PCI compliant—there’s much more involved, but you must be current to be compliant).

What’s the impact to your business?


All these risks can culminate and have a significant impact on your business. A jackpotting attack can steal millions of dollars in just minutes—in 2016 a group of hackers in Japan took only three hours to steal 13 million USD from 14,000 ATMs in a withdrawal spree. Also, not having the correct security systems in place could mean significant fines incurred from regulatory authorities. 

What’s more, banking access outages can significantly damage your reputation, leading consumers to look elsewhere for greater reliability when it comes to accessing their cash. The damage can be even more significant and long-lasting if it’s a breach or outage that keeps consumers out of their accounts for a long period of time. And, in a technology driven world, every transaction with a consumer is an opportunity to earn or burn their loyalty. 

How can FIs better manage software updates?


There are a number of reasons why software upgrades are difficult to manage for an FI—from having the resources and skills and software distribution tools to personnel bandwidth. Another issue is the regularity of new upgrades, just think how often Microsoft updates your laptop, or Apple updates your iPhone. So, staying on top of the updates for every ATM piece of the puzzle, making sure they work on various ATM configurations, and then distributing across an estate of hundreds, if not thousands of machines, is a difficult act to juggle.  

Increasingly, financial institutions are turning to third parties to pick up this burden. This means the FI can benefit from experts in delivering software updates across a wide estate—and with the tools at their fingertips to do it in the most efficient and secure way possible.  

But, the decision is up to you. Without running the most current software on your ATM, you’re leaving your business, and most importantly your customers, in a position where money and personal information are at the mercy of frauds, thieves and hackers.  

Need more information?