Recently some high level Financial Institution CEO’s were interviewed on one of the major financial network morning news programs. One of the leading questions was what did they envision the financial landscape to look like in 20 years, what would be the major influencers now and then? Their response covered (3) major themes: 1) Disruption, 2) Data Security, 3) Regulation.
This interview ignited our focused thinking about data security and the continued unfortunate practice of card skimming via the ATM Card Reader module. While EMV is emerging as a means to combat card based data breaches in both retail and financial spaces, there are thousands of ATMs deployed also in these same spaces that are obviously card and PIN-based for secure account access by the card holder. Based on the number of active ATMs alone in the marketplace, the reality to have to refit units with EMV based card readers will take some time, and even then based on age and compatibility some will have to be fully replaced for compliance and regulatory purposes. Even after this conversion occurs, we believe there will still be a requirement for physical card reader security, and as with anything else, in time those that want to harm and affect accounts and financial access and funds will potentially find a way to impact EMV. If anything it will certainly shift criminal behavior and attention to a trove of open season financial data, potentially in the on-line and FinTech based payment and purchase platforms that are highly popular in the mobile space.
For our purposes, let’s look in terms of the physical ATM environment at a Financial Institution today. The ATM is outfitted with a card reader possibly motorized reader or more likely a DIP reader version. From what we have learned in our research and conversations with customers as well as anti-skim technology developers we are partnering with is that there needs to be a means to combat the way that skim devices are placed and what information they are capturing. In other words there needs to be a simultaneous solution to not only detect placement of a foreign device but also to impede the siphoning of the key customer account information. Further, monitoring of and logging activity at the card reader are also useful. While some institutions have devised ways to physically prevent skim devices from being installed on the card readers, that physical barrier still does not mean that the electronic or surveillance (in the case of mini cameras tracking keystrokes on a keypad) aspects of skimming are defeated.
QDS offers a universal anti-skimming solution for both the motorized and DIP formats that operated independently of any host or ATM Processor integration and can be implemented same day to afford your ATMs immediate protection on the card reader. The solution can scale and also incorporate some network monitoring capabilities, but most importantly offers, disruption of the device, jamming of any traffic affecting the card reader and detection settings to take the card reader temporarily out of service until the threat is gone, but not disrupt ATM functions.