The siren call of Microsoft Corp.'s Windows operating system has been tempting more financial-institution deployers of automated teller machines. Windows' sweet melody offers the same plug-and-play flexibility on ATMs that has made it the ubiquitous operating system on millions of personal computers. But Windows also brings its discordant vulnerability to electronic viruses that until recently have not infected ATMs.
  By early 2006, International Business Machines Corp. will stop supporting the OS/2 operating system still widely used to run ATMs. Windows is expected to replace OS/2 as the dominant operating system as deployers replace machines.
  Indeed, most manufacturers already are shipping Windows-driven ATMs. And some industry insiders are even referring to these machines as "WinATMs." Windows' capability in supporting multi-media graphics is especially attractive to ATM owners.
  Steve Grzymkowski, senior product marketing manager for Diebold Inc., says banks are choosing the Windows-based ATMs. "We still are shipping OS/2," he says. "But more are shipping with Windows."
  But viruses specifically written for Windows by hackers can compromise the operating system.
  North Canton, Ohio-based Diebold, the nation's largest ATM maker, reported that an unknown number of its Windows-based ATMs were shut down by the Nachi computer virus in August. Diebold won't identify the financial institution that owns the machines.
  Grzymkowski says Diebold doesn't know how its ATMs became infected with the Nachi "worm," but the problem was quickly remedied.
  The incident shows that financial institutions that want to use Windows-based ATMs also must be aware of their vulnerability to problems such as viruses, especially when the machines are connected to internal networks using TCP/IP, Internet-based communications.
  Diebold is bundling the Sygate firewall on all its units with the Windows XP operating system to mitigate such vulnerabilities. The Nachi worm is different from the so-called Slammer worm that infected Windows-based computer networks and ATMs earlier in 2003.
  Slammer did a massive replication of itself and overloaded databases that ATMs connected to internal networks depend on for communications. Thousands of Bank of America ATMs from multiple manufacturers were shut down when they could not communicate with the bank's network.
  "This is not just a Diebold issue and not just an ATM problem," Grzymkowski notes.
  NCR Corp., Diebold's competitor, begs to differ.
  Phil Kasper, NCR's vice president of marketing, says he has not received any reports of NCR ATMs becoming infected with Nachi or any other virus. About 20% of NCR's machines are now delivered with a Windows-based operating system, mostly Windows XP.
  But by 2006 about 80% of NCR's new ATM shipments will use Windows XP and by 2012 most U.S. ATMs will use a Windows system, according to Kasper.
  Yet, both NCR and Diebold are stiffening virus protection on Windows-based ATMs. NCR is using existing security features on Windows XP, but it believes firewalls, although effective, limit ATM flexibility, Kasper says.
  Diebold's view is that firewalls currently are the most effective virus prevention at the machine level, says Grzymkowski. "We believe the ATM will be efficiently walled off" by using firewalls, he says.
  Ultimately, Kasper says, the deployer or a third party that drives smaller financial institutions' ATMs will be responsible for choosing the most effective measures against such viruses.

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry