It appears to be a perfect time to talk about ATM security.
The topic was thrust into the spotlight this week when MasterCard Inc. issued an October, 2016 liability-shift deadline for ATM owners to accept EMV smartcards in the U.S.
The Payments Card Industry Security Standards Council is likely to benefit from that heightened awareness as it seeks feedback on the draft of its ATM Security Guidelines Information Supplement, of which a final version is planned for release later this year.
The document provides best practices to mitigate the effect of attacks to ATMs aimed at stealing PIN and account data, the council said Sept. 14 at its North American Community Meeting in Orlando, Fla.
Participating Organizations have until Nov. 13, 2012 to review the draft guidelines supplement and provide comments on the council's website portal for specifically for those organizations.
The PIN and account information present in ATMs has become a growing target for criminals who use this stolen information to produce counterfeit cards for fraudulent transactions, primarily ATM cash withdrawals, the council stated in a press release.
The draft supplement introduces those involved with ATMs to information about keeping an entire ATM secure and overall ATM testing, which will eventually lead to guidelines that expand upon PCI's current standards for ATM PIN pads.
The council has developed a set of compromise-prevention best practices based on existing standards from a number of industries, including IT, security, payment card and ATM that stakeholders can leverage in their ATM security efforts.
The guidelines will address ATM software, hardware, and device components of the ATM. The council wants to provide the final document as a security guide for ATM manufacturers, hardware and software integrators and deployers of ATMs.
"We rely on industry feedback to develop PCI standards and resources," Bob Russo, PCI council general manager, said in the press release. "By sharing an early version of the guidelines with the PCI community, we're aiming to ensure these best practices reflect the key challenges and areas of concerns when it comes to addressing ATM security."
The draft guidelines will also be part of council discussions with Participating Organizations and assessors at the PCI Community Meeting in Dublin, Ireland on Oct. 22-24.