Share this
ATM Security Update: Currency Theft from 6688 in North America
by admin
Summary:
NCR has received multiple reports of thefts of cash from 6688 ATMs in North America. Most of the reports have come from Nevada and Texas, but customers should be aware that these thefts can spread, and that preventative actions must be taken on all 6688 models.
The method of the theft is by opening the ATM top box (sometimes called the “top hat”) and then by fishing notes from the currency dispenser reject bin, through the opening in the safe. The safe is not opened or breached. A key is required to open the ATM top box. All attacked ATMs were fitted with a common top box lock/key, and video evidence shows criminals are using a key to open the top box, indicating that they have obtained one or more of the common keys.
Recommendations:
- Any ATM located in an unattended, unprotected environment MUST NOT use common keys. All NCR ATMs are available with a choice of common, customer specific or ATM unique keys. For any ATMs in North America which are in unattended, unprotected environments, NCR strongly recommends immediate replacement of the common lock/key with a customer specific lock/key. NCR has kits available now which can be used for such replacement. This recommendation should be viewed as mandatory.
- Any Front Access ATM with an S2 dispenser must be configured to park the carriage over the reject bin during idle operation. This function is known as Programmable Park, and will prevent access to the reject bin when the ATM top box is open. NCR professional Services can assist with this configuration option.
- Deploy defense in depth. Physical protection must always be complimented with appropriate monitoring and alarming; consider both silent and deterrent alarms upon unauthorized opening of the top box. Deterrent alarms may be implemented as sirens, lights, or smoke. Messaging can be added to the ATM screen to report that unauthorized access has been detected.
- Keep dispenser software and firmware up to date. This ensures that any configuration recommendations can be applied and that the dispenser is protected against all currently known attacks. For the S2 dispenser, the minimum software/firmware is currently USBMediaDispenser 03.04.00, firmware 0x0118. This software can be applied using APTRA XFS Dispenser Security Update 01.00.00
References:
- Security is Not an Option White Paper: Cabinet Locks
- Security is Not an Option White Paper: Dispenser Security Solution
- APTRA XFS Security Update Package 01.00.00 Release Notes
Share this
- 2024 March (2)
- 2024 February (1)
- 2023 December (1)
- 2023 October (3)
- 2023 September (1)
- 2023 August (3)
- 2023 July (2)
- 2023 June (2)
- 2023 May (2)
- 2023 April (1)
- 2023 March (2)
- 2023 February (1)
- 2023 January (2)
- 2022 December (4)
- 2022 November (5)
- 2022 October (1)
- 2022 September (5)
- 2022 August (3)
- 2022 July (1)
- 2022 May (1)
- 2022 April (2)
- 2022 March (1)
- 2022 January (1)
- 2021 October (4)
- 2021 September (2)
- 2021 August (2)
- 2021 June (1)
- 2021 May (1)
- 2021 April (2)
- 2020 December (1)
- 2020 October (1)
- 2020 May (2)
- 2020 March (3)
- 2020 February (1)
- 2020 January (1)
- 2019 October (1)
- 2019 September (1)
- 2019 May (1)
- 2019 March (2)
- 2019 January (3)
- 2018 November (2)
- 2018 August (1)
- 2018 July (2)
- 2018 June (1)
- 2018 May (1)
- 2018 April (2)
- 2018 March (1)
- 2018 January (1)
- 2017 December (1)
- 2017 November (2)
- 2017 October (2)
- 2017 September (1)
- 2017 August (2)
- 2017 June (2)
- 2017 May (3)
- 2017 April (1)
- 2017 March (2)
- 2017 February (3)
- 2017 January (1)
- 2016 December (2)
- 2016 November (1)
- 2016 October (3)
- 2016 September (2)
- 2016 August (2)
- 2016 July (2)
- 2016 June (2)
- 2016 May (2)
- 2016 April (2)
- 2016 March (3)
- 2016 February (3)
- 2016 January (4)
- 2015 December (1)
- 2015 November (2)
- 2015 October (4)
- 2015 September (3)
- 2015 August (1)
- 2015 July (2)
- 2015 June (3)
- 2015 May (4)
- 2015 April (4)
- 2015 March (2)