Slide 1

GMV, 2011 FROM SKIMMING TO THE LOGICAL FRAUD, THE NEWCOMING ATM RISK IT & Security Forum - Bucharest Bucharest, 11/10/2011 Reference: GMV-DESCOR-PR-0048

Slide 2

GMV, 2011 11/10/2011Pgina 2IT & Security Forum - Bucharest

Slide 3

GMV, 2011 Traditionally, a lot of attention has been paid to protect ATMs and their users: o Extensive deployment of physical security controls such as anti- skimmers, o Physical manipulation of ATMS is becoming more and more difficult for criminal gangs, o As a result criminal gangs are looking for riskless & sustainable sources of revenue. MALWARE: A GROWING THREAT FOR ATM 11/10/2011Page 3IT & Security Forum - Bucharest The arrival of MS Windows and IP networks has introduced a new and severe hazard for ATMs security very difficult to detect: Malware. The world is experiencing a paradigm shift regarding ATM attacks: o Attacks against ATMs using Malware is a clear trend in Eastern Europe and Latin America, and is becoming a reality in most advanced countries.

Slide 4

GMV, 2011 Purpose of the Malware can be either to get cards data or ATM cash. Difficult to detect: Many security incidents in ATM networks provoked by malware infection are currently not being detected. Difficult to prosecute the criminals. Malicious Software: o To infect the ATM there are several options: direct access to the ATM (maybe by maintenance personnel) to install malicious software or injecting it over the network. o Developing this kind of malware is not a sophisticated task, specially for a well known open systems like Windows. o As an example, Skimer malware expanded in a few countries at the end of 2008. By means of a particularly built card, they were able to instruct the infected ATM to dispense cash. Lost cash was impossible to trace. o In the very near future this type of malware is expected to behave as a worm and be able to self-replicate in an ATM network. 11/10/2011Page 4IT & Security Forum - Bucharest MALWARE: A GROWING THREAT FOR ATM

Slide 5

GMV, 2011 ATM network managers are facing the urgent need to install security controls against Malware. Traditional PC security vendors are adapting their antiviruses for ATMs. But traditional antivirus technology does not fit ATM security needs: o Classical antivirus yields on pattern based recognition algorithms: o No protection against new Malware attacks. o Need to continuous updating of a blacklist full of Malware designed for desktop PC. o They consume a lot of processing resources incompatible with ATM application required time of response. o Malware is evolving to use self-compiling technologies that result in customized versions with unique patterns, so that all instances of the malware look different for a classical antivirus. TRADITIONAL ANTIVIRUSES DONT WORK 11/10/2011Page 5IT & Security Forum - Bucharest

Slide 6

GMV, 2011 ATMs configuration and resources remain very stable. ATMs require one integrated security solution that does three simple tasks: o Generation and management of ATM-specific security policies, that could automatically be translated into rules for security controls. o Enforce these rules using one single, low footprint security process in the ATM. o Centralized monitoring of compliance, including all required audit features. An even more, the concept must evolve only following a roadmap suited to the needs of ATM networks and not constrained by the requirements coming from the huge desktop market. ATMs REQUIRE AN SPECIFIC APPROACH 11/10/2011Page 6IT & Security Forum - Bucharest

Slide 7

GMV, 2011 Protection against unauthorized software execution: o Since an ATM is a well understood, controlled and stable environment, this should be achieved by means of white listing technology. o Permitted execution of software only when it is included in a so called white list, as opposed to black listing, which is the current antivirus technology. Protection against unauthorized use of libraries and drivers. Protection against unauthorized access to ATM hardware devices. Protection against unauthorized access to ATMs files and folders. Protection against unauthorized execution of Java code. Integrity validation of executable files, libraries and drivers. Integrated Firewall to control communications on a per process basis. Configurable keyboard hook. Prevention of generic users and weak passwords. 11/10/2011Page 7IT & Security Forum - Bucharest SECURITY POLICIES

Slide 8

GMV, 2011 CHECKER ATM SECURITY BY GMV

Slide 9

GMV, 2011 CHECKER ATM SECURITY 11/10/2011Page 9IT & Security Forum - Bucharest Checker ATM Security is the first ever security product custom designed to protect ATM platforms and networks. Ensures a high-security ATM environment based in white listing technology to control processes, applications, libraries, devices, directories, communications and files integrity. Provides centralized management and alarms monitoring of ATM's security Checker ATM Security supports PCI-DSS compliance.

Slide 10

GMV, 2011 Multinational conglomerate founded in 1984. Offices in Spain, Portugal, Poland, USA, Germany, Romania and Malaysia. Customers in five continents, Over 1,000 employees all over the world. Roots tied to the Space and Defense industries, currently operating also in Security, Aeronautics, Transportation, Healthcare and ICT industries. Technology Leadership: o Leader in security systems for ATMs. o Ranked #1 Worldwide as Satellite Control Centre provider (Over 230 Satellite missions worldwide have used or are using GMV technology). o Only European company working in the ground segment of NASA. o Main responsible of safety critical systems of European GNSS systems (EGNOS and Galileo). o Since 1994 GMV is leader in GPS based telematic systems for the transport sector. GMV: A TECHNOLOGY MULTINATIONAL 11/10/2011Page 10IT & Security Forum - Bucharest

Slide 11

GMV, 2011 CHECKER ATM SECURITY 11/10/2011Page 11IT & Security Forum - Bucharest Checker ATM Security demo

Slide 12

GMV, 2011 Thanks! www.gmv.com