Banking Networks Victims Of Security Flaws And Holes

Jul 8, 2008 3:34 PM


         Subscribe in NewsGator Online   Subscribe in Bloglines

TraceSecurity, a provider of security compliance and risk management systems, contends that the case of Citibank customers--whose funds were hacked via the connection between ATMs and third parties processing their PIN codes--is just the tip of the iceberg when it comes to the overall security and compliance of the networks that process ATM transactions. Over the past five years, TraceSecurity personnel have uncovered thousands of un-patched ATM processing servers while performing routine security compliance inspections. TraceSecurity is responsible for performing annual audits and inspections for firms in the financial services space to ensure they are complying with industry and government regulations that help protect consumers' sensitive data as well as the funds in their accounts.

"Most people's home personal computers are better protected from malicious hackers than many ATM servers," says Jim Stickley, CTO and vice president of strategy and solutions at TraceSecurity. "Financial institutions are failing to perform patch updates to ATM servers often because third party vendors are not approving the patches to be applied to systems running their ATM software. As a result, hackers could easily exploit known security holes in operating systems such as Microsoft, which are used by many ATM solutions available today."

In addition, TraceSecurity has found that many financial institutions are not placing their ATM servers into secured private segments on the network. This means that anyone with basic access to the network can eavesdrop on the data and transactions being processed by the ATMs and hack away at un-patched services. Officials at TraceSecurity recommend that ATMs should always be segmented onto their own network segments with tight access controls in place.

Stickley adds: "Financial institutions need to do a much better job at setting up their network infrastructure. Unfortunately, many organizations make the assumption that as long as the servers are behind a firewall they are safe. That is simply not the case."

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

Today's New Product

Product 1 Image

Privaris Biometric Verification Software

In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.

To read more...


Govt Security

Cover

SUBSCRIBE

This month in Access Control

Latest Jobs

Popular Stories

Resources

Webinar

A Cost-Effective Framework For Total Security Integration

Join AC&SS and MAXxess as they review two different IP-framework applications
Wednesday, July 30, 2008 at 2:00pm ET/11:00am PT

Register Now!

Back to Top