Forgot your password?
typodupeerror
Security The Almighty Buck Virtualization IT

Diebold Marries VMs with ATMs to Secure Banking Data 151

Posted by timothy
from the do-you-machine-take-this-data dept.
gManZboy writes "Automatic teller machine maker Diebold has taken a novel approach to protecting bank customer data: virtualization. Virtualized ATMs store all customer data on central servers, rather than the ATM itself, making it difficult for criminals to steal data from the machines. In places including Brazil, customer data has been at risk when thieves pulled or dynamited ATMs out of their settings and drove off with them. With threats increasing worldwide at many retail points of sale, such as supermarket checkout counters and service station gas pumps, Diebold needed to guarantee the security of customer data entered at the 50,000 ATMs that it manages. Diebold last year partnered with VMware to produce a zero-client ATM. No customer data is captured and stored on the ATM itself." Perhaps Diebold should take the same approach to vote-tabulating machines.
This discussion has been archived. No new comments can be posted.

Diebold Marries VMs with ATMs to Secure Banking Data

Comments Filter:
  • Erm... (Score:5, Insightful)

    by Spad (470073) <<slashdot> <at> <spad.co.uk>> on Wednesday January 04, 2012 @06:22PM (#38589816) Homepage

    Presumably the money is all sitting in a VM at one of Diebold's datacentres as well?

    Who the hell steals an ATM out of the wall to get customer data? You just send out a phishing email and you'll probably get 100x the return without having to blow a bloody wall to pieces and steal what amounts to a large cube of metal.

    Also, who the hell was storing any significant customer data on the ATMs in the first place?

    • Re:Erm... (Score:5, Insightful)

      by lucm (889690) on Wednesday January 04, 2012 @06:28PM (#38589896)

      Who the hell steals an ATM out of the wall to get customer data? You just send out a phishing email and you'll probably get 100x the return without having to blow a bloody wall to pieces and steal what amounts to a large cube of metal.

      Who said that they stole ATMs to get customer data? It was a "happy" side effect since the money and the data were stored in the same container. It's like a pickpocket that wants the money in your wallet but also ends up with your swingers club membership card and the pictures of your children.

      • Re:Erm... (Score:5, Insightful)

        by icebike (68054) * on Wednesday January 04, 2012 @06:48PM (#38590122)

        Who said that they stole ATMs to get customer data? It was a "happy" side effect since the money and the data were stored in the same container. It's like a pickpocket that wants the money in your wallet but also ends up with your swingers club membership card and the pictures of your children.

        Are you so sure it actually runs that way, even in Brazil? I've never seen an ATM without a network connection of some sort.

        I seriously doubt there is any customer date in the ATM. Refreshing that daily would be a nightmare.
        Having the system on a VM seems to be necessary because Diebold insists on using Windows in the boxes. Windows, left laying around in public!! Idiots! By having VMware, running, they can give each customer a fresh virtual machine to run the transaction, saving them a whole lot of programming to make sure all cached data is cleared from memory. (In other words saving them from having to do a competent job in the first place).

        A simple terminal system would do the same. There never was a valid use case for having any data resident in the cash machine.

        The more you read the story the less you are sure that what they are reporting is actually what is happening, because it is so incredibly dumb. But then this is Diebold, so.....

        • by lucm (889690)

          Who said that they stole ATMs to get customer data? It was a "happy" side effect since the money and the data were stored in the same container. It's like a pickpocket that wants the money in your wallet but also ends up with your swingers club membership card and the pictures of your children.

          Are you so sure it actually runs that way, even in Brazil? I've never seen an ATM without a network connection of some sort.

          I seriously doubt there is any customer date in the ATM. Refreshing that daily would be a nightmare.

          Best case scenario yes, the network is up. But what if the network is down? Do you lock out the customer? Nah, you make sure that the card is valid (simple algorithm or the chip) and you log the transactions so you can consolidate them later (and track down the people who withdrew too much money).

          Sometimes when you see a message saying that the account balance is not available, you can bet that you are dealing with a node that is disconnected from the mothership and will stack up transactions until it can u

          • I always thought that when the balance was not available meant that the ATM was out of paper. It's the only time I don't get a receipt. I have my profile set to automatically generate a receipt.
            • Re:Are you sure? (Score:5, Informative)

              by lucm (889690) on Wednesday January 04, 2012 @08:08PM (#38590846)

              I always thought that when the balance was not available meant that the ATM was out of paper. It's the only time I don't get a receipt. I have my profile set to automatically generate a receipt.

              It depends on your local ATM I guess, but just for fun, next time you can't get a balance before withdrawing, try to take out more money than you have (if the ATM limit is high enough) and you'll have the answer. They will put a negative balance in your bank account and call you to complain a few days later.

              This happened to a friend of mine who was sure the ATM was broken so he kept taking money out. Tsk tsk. Beating the bank - not possible!

          • Best case scenario yes, the network is up. But what if the network is down? Do you lock out the customer?

            Last time I was at a Scotiabank that's exactly what they did. Some part of their network went down, all the ATMs were shut down. No idea how big the outage was, but I know for sure the ATMs were nonfunctional. The in-bank ones were even powered off.

          • Best security practice: if the network is down you lock the customer out. Allowing withdrawals with no way to verify would allow criminals to take money from every bank machine in the country (from an empty bank account). And yes, that has happened before. From a security perspective the only safe option when you can't verify account balance is to block all outflow of cash or pay bills.
            • Re:Erm... (Score:4, Insightful)

              by bws111 (1216812) on Wednesday January 04, 2012 @10:13PM (#38591768)

              Best security practice is to not have ATMs. Or electronic banking. Or paper checks. Or bank accounts. Or credit/debit cards. Or even cash. All of them have been abused by criminals. However, out here in the real world most people don't live in a constant state of paranoia about what criminals might do, and they don't like it when they can't access their money.

              • by Darinbob (1142669)

                But even in the real world you want your banks to make a half hearted attempt at security, and they're not even doing that much usually. You don't have to be paranoid to lock your doors at night.

                • by Luckyo (1726890)

                  Banks make a whole lot more then half-hearted attempt at security. Their network security nowadays is a work of art. The problem is that the amount of people who want to hack them is also astronomically higher then anyone else.

        • Re: (Score:2, Informative)

          by Anonymous Coward

          I work in network operations for a company that does core processing for banks. None of our thousands of ATMs store customer data on the ATM and I can't imagine a reason any of our competitors would do it differently than we do.

          The ATM is going to have to report back to whatever server or mainframe maintains the account balance regardless, why would you cache that information on the ATM?

    • by cruff (171569)

      Who the hell steals an ATM out of the wall to get customer data?

      Presumably the real reason for ripping it out of the wall is to get to the cash contained therein. According to TFA, the more refined thieves install some malware on the ATM which is running Windows XP or OS/2 that gathers the information and saves it to an encrypted file on storage local to the ATM, then they read out the encrypted file later. In the virutalization scheme, the ATMs become a thin client only responsible for updating the display and sending key presses and card information back to the cent

      • There are service techs who install hardware monitors for criminal gangs to steal customer data. I suppose a VM could make that harder. If you really want to lock them out you must have the entire computer locked in a box with a self destruct, or everything on one chip (Easy, cheap, secure. An ATM is just a dumb terminal).
        • by Darinbob (1142669)

          Put the ATMs inside the banks, only usable during operating hours. That would solve most of the problems except that customers would cry that the added security is too inconvenient.

          If they do have one outside they should secure the transaction to the back office so that man-in-the-middle won't work, and disallow operation if the network is down (yes, some customers will cry that one day a year it doesn't work but ignore them).

    • by elrous0 (869638) *

      Also, who the hell was storing any significant customer data on the ATMs in the first place?

      That's exactly what struck me about the summary. What's "novel" about an ATM being networked into a central server where the data is stored? I thought they were ALWAYS like that (long before the modern consumer internet even existed). Even back in the 70's I remember them being networked to the bank's central server.

    • Diebold has always been incompetent.
    • by RemyBR (1158435)

      Exactly what I was thinking. Here in Brazil these kinds of ATM robbering using explosives make the news at least once a week, but I can't remember hearing even once that they were after customer data. Actually I ever thought that the ATMs were more like dumb terminals to start with. There's no need to store any kind of customer data on them.

      As for the robbering, what banks are doing is to mark the bills with ink when the ATMs are forced open, and there's even regulation in place that say people and commerce

      • by Darinbob (1142669)

        I suspect a lot of them just aren't constantly connected to a network but may do periodic connections. Especially in places where there aren't free and abundant internet connections. And you don't trust the internet for this stuff, instead you use the leased line from the bank branch to the back office mainframe.

    • Why would one store customer data in any kind of non-volatile storage on an ATM machine in the first place? You can run software on the local machine without storing data. It just seems like moving the software into a VM so as not to store customer data locally is hitting a thumbtack with a sledgehammer.

      • Ah, but it's hitting a thumbtack with a sledgehammer that you can charge monthly hosting fees for, and disable immediately if the customer doesn't pay up.

        The "Provide product, receive money, repeat." business model is, like, totally retro, man. Why do that played-out stuff when you can make the customer pay for the box and build in technological measures to yank the firmware if they ever stop paying, then call it a security feature?

        All the cool kids are building in network-dependent 'security' feature
    • Re:Erm... (Score:5, Insightful)

      by fuzzyfuzzyfungus (1223518) on Wednesday January 04, 2012 @07:38PM (#38590584) Journal
      Luckily, some fancy VM setup definitely prevents customer data from passing through the local PIN pad and/or touchscreen controller hardware. Thankfully, hardware keyloggers suddenly give up in defeat if they are asked to log keystrokes going to a super-secure remote VM...
      • by lgw (121541)

        The simpler the terminal, the more obvious any modification.

        • Quite true; but I suspect that anything running a VMware View client(if the VM is hosted remotely, this is what a system developed with VMware is going to be using) or something running a full x86 VM on top of vmkernel(if the VM is hosted locally, this would be the VMware tech most likely in use) is not going to qualify as "simple" for any terribly useful definition of the term, certainly no simpler than the more-or-less-normal-but-in-an-armored-case x86s that Diebold usually uses.

          The one major advantage
      • by drrck (959788)
        Most ATMs use EPPs or: http://en.wikipedia.org/wiki/Encrypted_PIN_Pad [wikipedia.org] No cleartext information is sent to the terminal.
    • by Chewbacon (797801)
      I'd say who the hell would try to rob an ATM in the first place, but then people do. My fiancé works at a bank that recently got broken into and the guys tried to break into the ATM. They busted the lock on it at which point the alarm went off (way after they shattered the glass door). It took Diebold 8 hours to drill their own ATM and get the money out. In my old IT job I had to support communications for a few ATMs. The guy that filled it fucked up and put the wrong bills in the wrong slot. So the ba
      • by Kalriath (849904)

        I should kind of hope that it takes them hours to get into the thing.

      • by TheLink (130905)
        The slightly smarter ones use forklifts and trucks. That way they can take their time to break into the ATM.
    • by Nursie (632944)

      Also, who the hell was storing any significant customer data on the ATMs in the first place?

      'xactly.

      This sounds like someone has put a marketing spin on "we fixed a really dumb security problem we had", and figured out that if they threw in the word VM then someone else may say "cloud" and suddenly we have buzzwords and more sales!

      This is, of course, why I'll always be in the engineering department. Marketers are not supposed to make press releases saying "We're sorry it took us so long to stop storing your

    • by Darinbob (1142669)

      The solution is not necessarily using VM; the solution is to not trust the damned ATM in the first place and use a remote server!

      Banks are notoriously awful about security. Security and convenience to not cooperate. So for a time banks would encode the PIN codes on the back of the ATM cards so that they wouldn't have to have a delay while it was verified with the back office; the reasoning I presume is that your typical customer wouldn't own such a complex machine as a card reader. Even today banks still

    • Also, who the hell was storing any significant customer data on the ATMs in the first place?

      That was my first thought, I assumed they already worked like this!

  • No, not unless it is completely transparent. They wouldn't even allow review of their source code. Not to mention that all election results would presumably end up under the control of one company. Not a good idea, sorry.
  • by jordan314 (1052648) on Wednesday January 04, 2012 @06:26PM (#38589874)
    This is a good idea, but it doesn't protect the customer from a skimmer skimming the card and a video camera recording their pin.
  • by Presto Vivace (882157) <marshall@prestovivace.biz> on Wednesday January 04, 2012 @06:28PM (#38589908) Homepage Journal
    ever stored customer data in the ATM terminal itself. I always assumed that the info was all in the bank's server. Things are worse than I imagined.
    • by tverbeek (457094)

      So they've figured out that they should be doing something that anyone with any sense whatsoever would have been doing from Square One?

      • by Pieroxy (222434)

        So they've figured out that they should be doing something that anyone with any sense whatsoever would have been doing from Square One?

        Yes. That's called progress. For them at least.

        • While working for a Fortune 500 company I was constantly amazed by the low bar set on "innovation". There was a a very strong "If it hasn't been done here then it must be new" mentality.

      • by neonKow (1239288)

        Don't worry. They'll realize their mistake soon and go to their back-up method: storing our private info on paper print-outs stored in a built-in plastic tub with a window so ATM maintenance will know when to go empty the paper into the nearest garbage bin.

    • by mirix (1649853)

      I thought this too. Why else do they not work without a network connection?

      It must be all server based, it's not going to store the accounts and balances of every supported cardholder... Even if it did, it changes constantly, and still requires networking for current balances, new accounts, etc.

    • Back when ATMs were a new thing I financed a holiday on credit by exploiting a bug in ATMs. Apparently the banks in those days did batch processing overnight and were unable to handle messages from their ATMs. So late at night you could withdraw money and push your account into debt.

      • by TheLink (130905)
        If they made more money out of that than they lost, it's not a bug but a feature.
    • by Midnight_Falcon (2432802) on Wednesday January 04, 2012 @06:58PM (#38590202)
      Don't use your credit card at a restaurant then. Almost all point of sale systems cache locally to some extent, often for up to a month!

      These systems were all built with bad network communication in mind -- verifying over phones, etc, which causes them to have to store this credit card data (PAN data). Because modern systems are just upgrades on these old codebases, little has changed but to give it the bare amount of encryption/etc for PCI compliance, which is routinely ignored by small businesses.

  • by hawguy (1600213) on Wednesday January 04, 2012 @06:31PM (#38589942)

    I think proper use of encryption should protect the customer data on the local machine - store the decryption key on the server and only hand back to the ATM if it requests it over its private secure link. And if the intrusion sensor goes off on the ATM, delete the decryption key along with the public key that the ATM uses to authenticate itself -- make a technician visit the machine and look for tampering before reloading with the authentication key.

    I doubt any of these data thieves are keeping the ATM powered until they can take it back to their shop and and use data probes to capture data from a running machine.

    But is this really a problem? Do ATM's store easily recoverable data on a hard drive?

    I thought skimmers were the way to go if you wanted to steal account data from an ATM.

    • by Pieroxy (222434)

      I think proper use of encryption

      I stopped right there. You know we're talking about Diebold right?

      • This is the division of Diebold that handles stuff we care about, not the division(now "Premier election systems") that handles ceremonial functions.
      • by Darinbob (1142669)

        You make it properly secure and then it's too expensive to sell.

        • by Pieroxy (222434)

          You make it properly secure and then it's too expensive to sell because there's the Diebold alternative which looks as good to a clueless user.

          There. FTFY.

    • by Asic Eng (193332)

      But is this really a problem? Do ATM's store easily recoverable data on a hard drive?

      If they want to give out money even if there is no network connection, then they need to be able to store transactions and execute them later - even after a power-failure or after another type of system failure. Of course that data ought to be stored in an encrypted format with separate keys for encryption and decryption. The ATM ought to delete the decryption key from memory as soon as the network connection is lost, an

  • Option 1: you have a centralized ATM/POS software, no data on the end points. Great security. But your network connection becomes a liability - no network, no transactions, even if the client and the money are in the same physical location.

    Option 2: you have decentralized ATM/POS, with partially cached information on the end points. That way when the network is down, people can still perform transactions and there is a consolidation that occurs once the network is back. But if people come in your store at n

    • by Samalie (1016193)

      Option #1. Every time.

      Who the fuck would want Option #2?

      I can go without making a transaction at Store_ATM_001345716 at a given moment.

      • by lucm (889690)

        If you are a business owner that will lose money when the shitty DSL modem is blinking, you might have to reconsider.

    • option 3: Make the ATMS thin and for locations that have a secure vault have a second server in the bank vault that can proxy for the network if it goes down for a few hours and if you want, have two network connections. That should cover most eventualities.
  • Not really (Score:2, Informative)

    by Anonymous Coward

    I stopped reading when it said that ATMs store customer data on the machine. That's the most ridiculous thing I've ever heard. ATMs have always accessed customer data from central servers.

    If that weren't the case, I could just visit all the ATMs for my bank and withdrawl my account balance. There would be no way the machines would know I've made withdrawls.

    Fuck, does the Diebold tech just walk from machine to machine each day with a floppy disk?

    I've delt with ATMs before, and they usually have a DSL conn

  • by dkleinsc (563838) on Wednesday January 04, 2012 @06:39PM (#38590026) Homepage

    According to Ohio Revised Code 3101.01(A) [ohio.gov], effective in 2004, marrying VMs and ATMs is illegal.

  • Perhaps Diebold should take the same approach to vote-tabulating machines.

    I think the 'features' of the Diebold voting machines are desireable to the people who rig, err, run elections.

  • To run a GUI over a link like that you need some bandwidth and you don't want lag to get to bad.

    Now will a very slow redraw / network drop while in use freak people out. Also ATM do keep local LOG's so what happens if the network drops and cash does not come out but NOW there is no log of it and backend thinks the transacton is over. Or it fails you take the cash out and then the network comes back and it spit's out more cash as in a retry of last command.

  • I almost worked for a company that did kiosks. XP kiosks, delivering media. After asking a few basic questions I discerned;

    1) They were all part of one AD domain
    2) The systems auto-logged in via a service user that was a domain admin
    3) The application had those creds in plaintext config files
    4) That AD domain.. the company only had one.. shared with their office users / backoffice.
    5) No one really thought it was a big deal to ship a product like that with physical units in the field.

    I did not take the job.

  • Who the fuck is making up these stupid names.

    Thin client was just fine as a term in the 90s. But since
    nearly a couple decades have gone by, we need to change
    the name again??

    So, the new ATM is a chip or chips that get, everything
    including their ROM from the server, every time they are
    initialized? I don't think so... I'm sure some code is on there
    so... it's not a zero client, it's a thin client.

    Welcome to the 21st century Diebold! {11 years later}

    -AI

    Waiting for a thin client spoof so they can steal even more

  • All you do there with the VM is move the place that the data can be manipulated from the individual voting machine to the server, and even then, it doesn't stop a hack of the live running VM from affecting the rests it stores to the server.

    The reason VMs work for the ATM machines is that the people were physically stealing the ATM machine and then getting the data off the internal memory. This works because when they steal the machine, it losses power and connection to the network where the VM's backstore
  • This is new? Why was client info EVER stored locally? These should have been nothing more than a ( secure ) dumb terminal.

    • by Wovel (964431)

      It is amazing. The headline should read: Diebold realizes it has negligently stored customer data on ATM machines.

  • Perhaps Diebold should take the same approach to vote-tabulating machines.

    Sure thing. Then scumbag politicians need only hack one computer to steal an election, rather than having to hack a whole bunch of separate computers.

  • by riverat1 (1048260)

    Damn, when I first read the headline I thought it said they were going to use VMS, one of the most secure OS's out there. Sounded like a good idea.

    As others have said I find it astounding that that there would be customer data stored on an ATM. Perhaps they store a transaction log of some sort as an auditing tool.

  • "No customer data is captured and stored on the ATM itself."

    The keypad is just there for show.
    The actual PIN is recorded by mindreading lasers stationed physically inside the VM.

    • "No customer data is captured and stored on the ATM itself."

      The keypad is just there for show.

      I suspect they are distinguishing inputs (and outputs) which transit through the device from data which is "captured and stored" on the device. If each keypress on the keypad is just passed to the remote server with nothing recorded locally, that's a lot different than if the you have a stored history of local events.

  • Perhaps Diebold should take the same approach to vote-tabulating machines.

    I don't know about that. My way of thinking would be to isolate the machines from the Internet as much as possible. There are many ways in as it is. Allowing Internet access gives hackers another way into the system. As far as the speed issue? What is the hurry, there is a huge amount of time between election and the winner taking office,

  • RE: this summary. OK, ATM is a thin client. Earth-shaking technologically? no. For this business, perhaps, and "why didn't this succeed earlier".

    RE: Diebold and vote-tabulating machines in this regard per the summary:

    Are you on something? The same Diebold PR mechanism that produced and sold ATMS that ... wait for it... generated printable paper trails on each transaction stated that their solution for voting booth customers was incapable of this same paper trail.

    And you expect at this point sh
  • You would think that everything is stored and handled remotely when it's always a case of:

    *press "Make a Deposit"*
    *stare at a progress bar for 5 seconds*
    *press "Deposit a Check"*
    *stare at a progress bar for 5 seconds*
    *insert a check*
    *stare at a progress bar for 5 seconds*
    "Would you like a receipt?"
    *select a receipt type*
    *stare at a progress bar for 5 seconds*
    "Printing receipt!"
    *stare at a progress bar for 5 seconds*
    "Another Transaction or Take Card?"
    *press "Take Card"*
    *stare at a progress bar for 5 seconds*

    • by cffrost (885375)

      LOOKING AT YOU BANK OF AMERICA!

      Stop looking at Bank of Whatever and start looking for a local credit union. You're not obligated to help shady corporations generate profit and buy yachts and stadiums.

      The National Credit Union Administration [ncua.gov] has a CU locator on their home page.

      NCUA's slogan: Protecting credit unions and the consumers who own them through effective regulation.

  • by Wovel (964431)

    Why have ATM machines ever stored any customer data?

Nothing is impossible for the man who doesn't have to do it himself. -- A.H. Weiler

Working...