Diebold Virtualizes ATMs To Secure Banking Data

Automatic teller machine maker Diebold has taken a novel approach to protecting bank customer data: virtualization. Virtualized ATMs store all customer data on central servers, rather than the ATM itself, making it difficult for criminals to steal data from the machines.

In places including Brazil, customer data has been at risk when thieves pulled or dynamited ATMs out of their settings and drove off with them. With threats increasing worldwide at many retail points of sale, such as supermarket checkout counters and service station gas pumps, Diebold needed to guarantee the security of customer data entered at the 50,000 ATMs that it manages.

"From the entrance to Death Valley in California to a Mount Everest base camp, we must maintain them all," said Mark Kropf, head of Deibold's emerging technologies group, in an interview.

[ Want to learn more about how hackers can attack ATM machines? See ATM Hack Demo Planned for Black Hat. ]

Diebold produces Opteva ATM machines and supplies Agilis software to run on its own and other manufacturers' ATMs. Diebold ATMs have been among those targeted by hackers. Westfield Bank, Palmetto Bank, and BellCo Credit Union are among the U.S. institutions that use Diebold ATMs, ATM management, or ATM security services. In addition, Diebold supplies BancoStato in Switzerland and Banco Santander in Brazil.

Diebold last year partnered with VMware to produce a zero-client ATM. An inaccessible zero-client component causes the ATM screen to render the results of interactions with a virtual machine running on a central server in a bank or Diebold data center. No customer data is captured and stored on the ATM itself, and all data storage devices have been removed. The zero client can relay customer entries to central servers and has sufficient smarts to display the text, graphics, and video that a financial institution wishes to send to customers.

Diebold is currently trying to maintain security at each physical ATM, a user endpoint that is running either Microsoft's Windows XP or IBM's OS/2 operating system. These operating systems, although hardened, provided "a larger attack surface" for hackers than the zero client, which has no operating system and no data storage, Kropf said. He said he knew of no other ATM system running virtual machines in place of local device software.

Hackers--in some cases, company insiders--have put card readers on gas station service pumps and customer checkout machines in supermarkets, storing customer data in an encrypted file that can be downloaded by the hackers. Virtualization combats such attempts by making such a reading device an instantly identifiable interloper, since the endpoint device no longer needs any memory-equipped accessory.

"Virtualization will fundamentally change the way Diebold--and its customers--deploy solutions to the marketplace," said Frank Natoli, VP and CTO at Diebold, as the firm announced its virtualized ATM prototype on the eve of VMworld in September. "This technology is a game changer for our industry," he said at the time.

By virtualizing ATM applications, Diebold could move data security and customer privacy protection into a Diebold or bank data center. Large banks use their own data centers to run their ATM networks. "Second- and third-tier banks" use Diebold's data centers and ATM network, Kropf said.

Kropf noted that the virtual machine approach will also allow financial institutions to change customer applications more readily on central servers, then have the changes deployed automatically through the ATM network.

Even so, the primary motivation for going with virtualized ATMs was to prevent the theft of customer data. Likewise, the security features of end-user virtual machines may eventually become the compelling argument for virtualizing end-user desktops. Data stored on central servers with in-depth protections has tended to be more secure than data stored on end-user devices.

When the end-user device--whether a desktop, laptop, or tablet--is virtualized, a thief can still be prevented from accessing user data. Once the device is reported stolen, it can be wiped clean of any data that might still be resident on it through commands from the data center. And central servers hosting virtual machines can be staging grounds for establishing defenses at multiple logical boundaries, such as rechecking a user's credentials at each step of a process. For example, is this user authorized to access this particular data set?

ATMs, fortunately, were not among InformationWeek's Six Worst Data Breaches In 2011. Diebold is looking for a partner in 2012 with whom to deploy virtualized ATMs. It believes it's a step toward keeping the technology off 2012's top breaches list.

In today's uncertain and highly scrutinized financial services industry, achieving effective risk management is vital for survival. The report examines the need for enterprise risk management, the benefits of holistic data management, and ERM best practices. Download the report now. (Free registration required.)