ATM Security

Introduction
• Automated teller machines (ATMs) are targets for fraud, robberies
and other security breaches.
• Modern ATMs are implemented with high-security protection
measures. They work under complex systems and networks to
perform transactions.
• The data processed by ATMs are usually encrypted, but hackers can
employ discreet hacking devices to hack accounts and withdraw the
account's balance.
Why AES?
• AES uses a variable length encryption key, with a length of 128, 192 or
256 bits, and encrypts data in 128-bit blocks. The only way for an
unauthorized person to decrypt data encrypted with AES is by a so-
called brute force attack, which involves testing all possible
permutations of the encryption key, so AES is significantly more
secure than DES or triples DES.
• The supplied PIN is encrypted at the entry terminal, during this step a
secret cryptographic key is used. In addition to other transaction
elements, the encrypted PIN is transmitted to the acquirer’s system.
Then, the encrypted key is routed from the acquirer’s system to a
hardware security module. Within in the PIN is decrypted. With a
cryptographic key used for in interchange, the decrypted key is
immediately re-encrypted and is routed to issuer’s system over
normal communication channels. Lastly the routed PIN is decrypted in
the issuer’s security module and the validated.