ATM Secure Communications
An important aspect of ATM security is securing the communications between the device and SWITCHWARE, using a holistic approach that includes Secure Socket Layer/ Transport Layer Security (SSL/TLS). The most important thing to consider when evaluating how to secure the communications to an ATM is to also ensure high availability, which most financial institutions expect form their ATMs. Using SSL/TLS provides encrypted transmission of cardholder data accross open, public networks of PCI.
- Endpoint authentication of data delivery
- SSL data encryption confidentiality
- Message integrity and validation
- Certificate verification between endpoints (ATM and SWITCHWARE)
- Set minimum public key length
- Eliminate impersonation of an endpoint (ATM, POS, network, etc.)
- Secure the contents of the message using encryption
- Provide fast and reliable data security
- Ensure data values have not been manipulated
- Prevent man-in-middle attacks, SSL replay attacks, truncation attacks and SSL key renegotiation
- Improved customer support services
Secure Socket Layer/Transport Secure Layer (SSL/TLS)
Secure Sockets Layer/Transport Layer Security (also referred to as SSL) covers all the categories listed above with the added benefit of running over TCP/IP channels. This is the protocol of choice for the Internet due to its reliability. The most common operating mode for SSL is server-authentication and it is this mode that highlight SSL’s ability to satisfy the categories of authentication, confidentiality and message integrity.
Security for NCR Aptra
When combined with “Security for Aptra” which creates a trusted environment to protect the assets and the network by applying different policy settings and using the product “Solidcore” that ensures the integrity of applications on the ATM by making sure that only authorized code can run, and that this code cannot be modified or hijacked. SSL would allow banks to provide a secure environment for customers when conducting ATM transactions. This emphasizes the importance of SSL in the layered security model adopted by NCR.
NCR Requirements & Recommendations
- Minimum of TLS 1.1 (recommended 1.2)
- Verify certificates of the server
- Minimum 2048 bit public key length
- Creation of new sessions when renegotiation is needed