The landscape of ATM security is changing and it is outgrowing current security strategies that most financial institutions have in place. A March 2016 research study by Forrester Research highlighted several key areas that are of concern when it comes to ATM security. As digital threats evolve and increase, more measures are required to protect and secure ATM fleets. This requires a great deal of technology, management, and manpower. The four primary findings from the research detailed here provide an overview of the overwhelming task that lies ahead for financial institutions and the future of bank security.
In terms of ATM security, financial institutions lack confidence.
The financial institutions surveyed for the study have regional ATM fleets comprised of 100 to 499 ATMs. Each allocates between 21% and 30% of its in house security strategies to those fleets – and still feel that it is not enough. With technology growing at such a tremendous rate, it is difficult to keep up with all the new schemes like physical security, phishing, information security, and skimming. Financial institutions feel ill prepared to meet these rising challenges of managing their ATM services.
Internal teams are not up to the task of security management.
While financial institutions rate their confidence in ATM security at an average of 8 out of 10 in information security, card fraud, and physical security, technology is still lacking. When asked what they would cite as their organization’s current ATM security challenges, 45% of the financial institutions cited lack of technology. Additionally, 44% said that the changing nature of the threat landscape and too many ATMs to manage tied as areas of concern. Lack of a trusted partner was named by 41% as an area of unease.
Resource and technology issues present new and pressing challenges in the changing landscape.
The security threats that have the potential to cause the most damage are also the most difficult to manage and prevent. Card skimming is both the most damaging security threat and it is the most challenging to prevent according to 68% of the respondents. Malware came in second with 62% citing it as most damaging and 58% that consider it a challenge. USB attacks and card trapping came in at 59% and 57 % respectively as most damaging and 54% and 55% as most difficult to prevent. The average discovery times for different security incidents vary depending on the intrusion:
- Information security – minutes
- Physical security – hours
- Card fraud and compliance – days
Faster response times are definitely needed. The longer a security incident takes to resolve; the more severity of potential damage it can incur to the financial institution.
Financial institutions seek out support from partners but resist relinquishing control.
Of the retail banks surveyed, 83% reported that they have plans to increase their spending on ATM security over the next year. They are very aware of the shortcomings and challenges they face and are taking steps to rectify the situation. However, increasing spending on ATM security is not the answer. Many banks are gravitating toward outsourcing at least portions of their ATM security to augment their in house support. While only 40% of banks reported they are considering to outsource the management of information security and 42% physical security, 52% said they are considering seeking to outsource the security management of card skimming and 54% for compliance.
Financial institutions are realizing that shouldering all the ATM security challenges is likely beyond their reach. This report highlights the areas of vulnerability and concern so that steps can be taken to design a security strategy that meets their individual needs.
What measures are security companies taking to meet the needs of banks and their challenges with ATM services?
Allied is taking ATM services one step further than the typical ATM provider by offering its bank customers with full scale management of ATM sourcing and servicing as well as handling the physical security of branch and ATM self service areas. Since banks want to focus more funds and resources on the customer experience, we felt it was time to start providing banks with a service that takes this burden off their hands. Learn more by clicking here.