Friday, 21 September 2012

PCI SSC seeks feedback on ATM Security Guidleines

At its North America Community Meeting on 14th September 2012, the Payment Card Industry Security Standards Council (PCI SSC) announced it is seeking feedback from Participating Organizations on a draft ATM Security Guidelines Information Supplement, which is scheduled for publication later in the year.

This supplement provides best practices to mitigate the effect of attacks to ATMs aimed at stealing PIN and account data. Participating Organizations (POs) have until 13th November 2012 to review and comment on the Supplement.
According to the PCI SSC:

 "PCI Standards currently address ATM PIN pads, but not the ATM as a whole. In the absence of a global industry standard for securing ATMs, the Council has developed a set of compromise-prevention best practices based on existing standards from a number of industries, including IT, security, payment card and ATM that stakeholders can leverage in their ATM security efforts.

The draft ATM Security Guidelines Information Supplement provides an introduction to ATM security and outlines best practices that address the software, hardware and device components of the ATM. The intent is for the final document to guide ATM manufacturers, hardware and software integrators, and deployers of ATMs in the secure development, deployment and maintenance of ATMs."

Not all  ATM stakeholder organisations are POs however - information on the PCI SSC website indicates that the annual membership fee for a PO is US$3,000!

No comments:

Post a Comment