|
More
than one hundred financial institutions turn to NCR’s multi-vendor
APTRA Software Security to protect their ATMs – and their customers
– from ‘inside-out’ skimming attacks
NCR
Corporation, the global leader in ATMs, announced that it has sold
more than 50,000 licenses of Solidcore for APTRA?, an ATM software
security solution that prohibits the introduction of unauthorized
code to an ATM. Solidcore for APTRA protects the system from “inside
out” skimming attacks. These attacks, similar to those recently
perpetrated in Russia, involve the insertion of malicious code onto
the ATM – usually by someone with insider access to ATM.
Integrated
within the NCR APTRA Software Security solution, Solidcore for APTRA
is the only proven security solution to preserve system integrity
and prevent malware on ATMs. More than 100 NCR customers around
the world have turned to NCR to provide Solidcore for APTRA on their
single and multi-vendor ATM networks. Solidcore Systems Inc. is
a California-based provider of technology to protect critical IT
infrastructure, from devices to data centers.
“While
the industry only focused on network threats such as viruses and
worms, NCR recognized that the underlying risk to any system was
unauthorized software from any source - particularly the growing
risk of insider fraud,” said Rosen Sharma, chief technology officer
for Solidcore. “NCR combined its awareness of IT threats with an
in-depth knowledge of financial industry delivery channels such
as the ATM and tailored the Solidcore runtime control and whitelisting
technology to the unique 24/7 needs of these self-service channels
to protect them from unauthorized code.”
Rather
than reacting to known attacks as they arise, Solidcore for APTRA
proactively allows only authorised code to run. Specifically, Solidcore
for APTRA automatically creates and updates the inventory of good
code and limits the runtime environment to the code in that inventory,
or whitelist.
In
addition, authorised code cannot be modified, deleted or hijacked
– the process in which malicious code replaces authorized code with
itself.
“NCR
is determined to continue leading the industry in safeguarding the
trust and integrity of the ATM channel,” said Michael O’Laughlin,
vice president and general manager, NCR Financial Services Solutions.
“Through our APTRA Security Practices and solutions, NCR is protecting
ATMs and other consumer end points from software-based attacks.
Security is a key pillar of our business, and consumers’ trust in
the self service environment can never be compromised.”
In
addition to APTRA Software Security, NCR provides a variety of ATM
security features and solutions:
NCR’s
latest family of ATMs, NCR SelfServ, is the first to introduce a
protected USB architecture that is self-contained within the ATM,
helping mitigate the risk of fraudulent connection of unauthorized
USB devices.
Fraudulent Device Inhibitor (FDI) is an external illuminated hardware
feature or kit that makes it difficult for criminals to attach foreign
devices on or around an NCR ATM card reader.
Intelligent Fraud Detection (IFD) is a unique approach to countering
ATM fraud. Designed to be flexible, NCR IFD can detect a variety
of fraudulent devices that criminals may attempt to add to the ATM
fascia. The deployer receives an instant alert as soon as a fraudulent
device has been added to the ATM, even before any fraud has taken
place.
全球100多家金融機構採用NCR APTRA跨廠商軟件保安方案,保護其ATM及客戶免遭由「內部安全 」引起的卡資料被複製欺詐攻擊
全球自動櫃員機(ATM)領導廠商NCR公司宣佈已售出逾5萬份SolidcoreR for APTRA軟件許可証,該ATM軟件安全方案可阻止未經授權的代碼入侵ATM。Solidcore
for APTRA軟件能?保護系統免遭受由內部引起的信息竊取攻擊。這類攻擊與最近在俄羅斯發生的將ATM機插入惡意代碼的攻擊相似,通常較可能由具備存取ATM權限的內部人員發動。
Solidcore for APTRA整合於NCR APTRA軟件保安方案(NCR APTRA Software Security
solution)內,是唯一經實踐證明能保護系統完整性並防止惡意軟件入侵ATM的保安方案。全球100多家的NCR客戶已在其單一廠商和多廠商的ATM網絡中部署了Solidcore
for APTRA軟件。Solidcore Systems Inc.是一家總部位於美國加州的知名技術供應商,專門保護從設備以至數據中心等各種關鍵IT基礎設施的安全。
Solidcore首席技術官Rosen Sharma表示:「當在業內還只是關注病毒和蠕蟲等網絡威脅時,NCR早就已經認識到未經授權的代碼從各種不同來源入侵對系統所造成的潛在風險,特別是由內部人員所引起的欺詐風險,更是與日俱增。NCR結合了對IT威脅的認識以及對ATM等金融行業服務渠道的深入瞭解,並根據此類自助服務渠道7×24全天候服務的特殊需求,針對性地開發了Solidcore運行時間控制和正常列表技術,以保護ATM免遭未經授權代碼的攻擊。」
Solidcore for APTRA採取積極主動的防護方式,只允許授權代碼運行而不是當攻擊發生之後才作出被動的反應,特別是Solidcore
for APTRA可自動創建和更新正常代碼名單,並將運行環境限制在該名單所列的代碼範圍內。
此外,授權代碼也不能被篡改、?除或竊取,而這正是惡意代碼用自己取代授權代碼的過程。
NCR北亞區總裁周致平表示:「NCR將繼續引領業界保護ATM渠道的安全性和完整性。憑藉我們的APTRA保安實踐經驗及解?方案,NCR可有效保護ATM和其他自助終端免遭各類基於軟件的攻擊。安全是我們業務的重要支柱,消費者對自助服務環境的信任絕不能降低。」
除APTRA軟件保安方案之外,NCR更提供多種ATM保安功能特點及解?方案:
· NCR最新推出的ATM系列NCR SelfServ,是首個引入獨立的受保護USB架構的ATM?品,可降低與未經授權的USB設備連接所導致的欺詐風險。
· 防欺詐裝置預防器(Fraudulent Device Inhibitor, FDI ),一種發光的外部硬件裝置或套件,可防止犯罪分子在NCR
ATM的讀卡器上或附近安裝欺詐裝置。
· 防欺詐智能偵測方案(Intelligent Fraud Detection, IFD),防止ATM欺詐的獨特裝置。NCR
IFD設計靈活,可檢測犯罪分子試圖安裝到ATM面板上的各種欺詐裝置。一旦欺詐裝置被加裝到ATM上,即使欺詐行?尚未發生,IFD也會立即發送警報。
|
