Should ATMs Do Windows?

The anticipated migration of automated teller machines from IBM's OS/2 to Microsoft Windows XP is expected to come with a slew of new security issues, an NCR official and an analyst cautioned recently. But one credit union already running its ATMs on Windows says it's confident its machines can withstand breaches.

Currently 35,000 ATMs are deployed across Canada, says Stephen Risto, director of the Toronto-based APTRA Software Centre of Expertise at NCR, which makes ATM software and hardware. The machines are "extremely well-used" because "Canadians love the self-service channel." But ATMs still run on the same technology they were using when they were first introduced in the 1970s; they still sport a black, green, or blue screen with text, "one of the most basic interfaces," says Risto.

Comparing the migration to Windows XP to a "brain transplant," Risto says it will fundamentally change the way ATMs are used by both consumers and the financial institutions or retailers that deploy them.

Windows' Advantages

From a functional viewpoint, Windows-based ATMs could pave the way for new capabilities. They could "talk" to people with disabilities, via a text-to-speech engine; or support image-based deposits, in which the system takes a digital image of the check (not enclosed in an envelope) and prints the image on the back of the customer's deposit receipt as proof of the deposit. Windows enables greater personalization and can accommodate customer preferences like a choice of languages, fast-cash options, and screen colors. Such ATMs could also support targeted marketing of other financial services or products using already accumulated business intelligence.

The Credit Union Central of Manitoba (CUCM) has run Windows NT-based ATMs since 2001. Dale Thompson, vice president of network services for Celero Solutions, which takes care of CUCM's IT needs, says Windows has given CUCM's more than 60 member credit unions the ability to customize interfaces for their users.

"That makes it look like [customers are] dealing with their own credit union," Thompson says. He doesn't expect to move to XP this year, but says it must happen eventually because Microsoft ends support for NT next year.

One thing that could put a damper on Windows-based ATMs' service is the issue of security. ATM maker Diebold recently revealed that some of its ATMs, operated by two of its financial services customers, suffered a W32/Nachi worm attack in August.

Planning Ahead

Jamie Sharp, research director for customer segments with IDC Canada, agrees that with a move to a more "generically flavored operating system," the possibility of vulnerabilities and attacks could "go up with magnitude." To compensate, companies would have to spend more time "hardening" the installations of Windows they ship with their ATMs. That would involve disabling unnecessary services and ports and removing files that support peripheral devices used by ATMs.

Celero's Thompson says he's always found ATMs "really hard to break into," because "they really are a single-purpose device." Thompson says the trick is to isolate the traffic on the ATMs from the rest of the traffic happening on the wide-area network. "That way, all that will be allowed through to that [ATM] device is the messages destined for it, and that eliminates viruses and worms and those kinds of things."

Risto notes that along with moving to Windows, banks will also begin shifting their ATMs from expensive leased-line networks to less-secure TCP/IP-based networks. "In theory, [this move] would make ATMs more vulnerable," Risto says. That calls for "defense in depth with multiple layers of security," including installing firewalls and "having all the pieces in place so that recovery is possible," he adds.

This story, "Should ATMs Do Windows?" was originally published by Computerworld.
