Major Security Hole in Citibank ATMs

Security Incidents : Major Security Hole in Citibank ATMs

Posted by Max on 2008/7/3 16:38:16 (1040 reads)

TraceSecurity, a provider of SaaS security compliance and risk management solutions, disclosed today that the case of Citibank customers whose funds were hacked via the connection between ATMs and third parties processing their PIN codes, are just the tip of the iceberg when it comes to the overall security and compliance of the networks that process ATM transactions.

Over the past five years, TraceSecurity personnel have uncovered thousands of un-patched ATM processing servers while performing routine security compliance inspections. TraceSecurity is responsible for performing annual audits and inspections for firms in the financial services space to ensure they are complying with industry and government regulations that help protect consumers' sensitive data as well as the funds in their accounts.

"Most people's home personal computers are better protected from malicious hackers than many ATM servers," remarked Jim Stickley, CTO and Vice President of Strategy and Solutions at TraceSecurity. "Financial institutions are failing to perform patch updates to ATM servers often because third party vendors aren't approving the patches to be applied to systems running their ATM software. As a result, hackers could easily exploit known security holes in operating systems such as Microsoft, which are used by many ATM solutions available today."

In addition, TraceSecurity has found that many financial institutions are not placing their ATM servers into secured private segments on the network. This means that anyone with basic access to the network can eavesdrop on the data and transactions being processed by the ATMs and hack away at un-patched services. Officials at TraceSecurity recommend that ATMs should always be segmented onto their own network segments with tight access controls in place.

Stickley added, "Financial institutions need to do a much better job at setting up their network infrastructure. Unfortunately many organizations make the assumption that as long as the servers are behind a firewall they are safe. That is simply not the case."

To learn of other ATM scams that TraceSecurity unveiled to consumers inorder to better educate them of the dangers of using an ATM, please click on the following URL:
http://www.tracesecurity.com/news-events/news/2007-fake-ATM-scams.php .

About TraceSecurity
TraceSecurity is a leading provider of security compliance and risk management solutions. The company helps organizations of all sizes to achieve, maintain and demonstrate security compliance while significantlyimproving their security posture.

Previous article - Next article

Other articles
2010/3/18 8:07:31 - Panda Cloud Antivirus Receives ICSA Labs' First Cloud-Based Certification
2010/3/17 15:49:34 - Open-Source Email Security Taken To The Next Level at WebhostingDay
2010/3/17 15:18:40 - McAfee Warns ABout Scareware or Fake Antivirus Software
2010/3/2 5:22:13 - VeriSign and AVG Will Integrate VeriSign Trust(TM) Seal Within AVG LinkScanner(R)
2010/3/1 7:36:12 - New Stealth Software Protects P2P Users From Lawsuits by Copyright Holders
2010/2/24 13:55:16 - New State of The Art Firewall By Palo Alto Networks
2010/2/24 13:50:26 - Beware of Fake Antimalware Programs Like PCsProtector
2010/2/24 13:38:02 - New Registry Cleaner Guide Helps Your PC Perform Faster
2010/2/3 7:32:43 - PC Login Now (Full version) Available Now For Free.
2010/2/3 7:11:57 - Mitto Named One of 20 Top Web Applications

The comments are owned by the poster. We aren't responsible for their content.