Government Technology
Government Technology: State & Local Government News Articles

Security Hole in Citibank ATMs Underscores Larger Security Flaws



Print
Comment
ATM-close up picture

Jul 3, 2008, News Report

TraceSecurity disclosed today that the case of Citibank customers whose funds were hacked via the connection between ATMs and third parties processing their PIN codes, are just the tip of the iceberg when it comes to the overall security and compliance of the networks that process ATM transactions. Over the past five years, TraceSecurity personnel have uncovered thousands of un-patched ATM processing servers while performing routine security compliance inspections. The company is responsible for performing annual audits and inspections for firms in the financial services space to ensure they are complying with industry and government regulations that help protect consumers' sensitive data as well as the funds in their accounts.

"Most people's home personal computers are better protected from malicious hackers than many ATM servers," remarked Jim Stickley, CTO and vice president of strategy and solutions at TraceSecurity. "Financial institutions are failing to perform patch updates to ATM servers often because third party vendors aren't approving the patches to be applied to systems running their ATM software. As a result, hackers could easily exploit known security holes in operating systems such as Microsoft, which are used by many ATM solutions available today."

In addition, the company has found that many financial institutions are not placing their ATM servers into secured private segments on the network. This means that anyone with basic access to the network can eavesdrop on the data and transactions being processed by the ATMs and hack away at un-patched services. Officials recommend that ATMs should always be segmented onto their own network segments with tight access controls in place.

Stickley added, "Financial institutions need to do a much better job at setting up their network infrastructure. Unfortunately many organizations make the assumption that as long as the servers are behind a firewall they are safe. That is simply not the case."

MJ

If You Liked This Article, You May Also Like...

Related Products and Services


Latest Government Technology News


Industry Solutions for Government

Read real world deployments of technology in government from our sponsors.

View All Industry Solutions

Marketplace


This section
brought to you by:
Ca - Transforming IT Management

CA World® 2008
An educational and networking conference for IT professionals.
  • 800+ conference sessions.
  • Free pre-conference education classes for registered attendees; available on a first-come basis.
November 16-20, 2008
Register Today!

SF Health Plan

  Yes! I would like more information about CA's solutions for Government.

Security Management

The Evolution of Identity and Access Management IAM has become a key tool in the organization’s security and risk management efforts. Many Govt. organizations however, are not realizing the potential of a fully evolved IAM solution. This paper helps them achieve that goal.

How can a comprehensive IAM solution help me reduce security risk and achieve easier compliance? Identity and Access Management (IAM) solutions help you manage users and their access to your IT resources while acheving more effective compliance.

IT Governance

IT Governance: Making the Difference in Cities, Counties and States Project and portfolio management helps government respond to old and new challenges. Featuring case studies from California Department of Agriculture, New York City, and Oakland County, Michigan.

CA Information Governance Solution Brief The CA Information Governance solution helps you solve an array of challenges with unique offerings including federated records management, email management, retention management and business process automation.

Enterprise Management

IT Network Management: State and Local Governments Face New Challenges Network and voice management tools help agancies get optimum performance from today's increasingly complex networks.

Success Stories: San Francisco Health Plan San Francisco Health Plan helps more people access affordable healthcare by simplifying IT management

Success Stories: Social Services Agency, County of Santa Clara County of Santa Clara improves the quality of social services with simplified IT management

CA Network & Voice Management Solution Brief Integrated, fault and performance management for end-to-end service assurance of multi-vendor, multi-technology converged networks.

Risk Compliance and Best Practices

Key Trends in the IAM Market and how CA's R12 Suite Addresses these Trends Identity and Access Management (IAM) has been a major force in the enterprise IT marketplace for years now.This paper will address the question: What's driving interest in IAM solutions?

Network and VoiceManagement for Evolving Business IT management specialist CA provides a foundation for delivering the value of unified network and voice management

A Vision for Dynamic Business Service Management By applying new levels of consolidation, automation and insight, dynamic Business Svc Mgt delivers improved service levels and cost controls

Deploying the CMDB for Change & Configuration Management The Configuration Management Database (CMDB) plays a critical role within the ITIL framework.

The Changing Face of Network Management Automated NCCM tools reduce the downtime and degradation caused by configuration changes.