ATM security review for Banks

Automated teller machines (ATMs) and other technologies make cash easily available to customers. For retail banks, however, the cost and complexity of operating these technologies continue to rise across the entire cash supply chain, from holding, counting and validating cash to processing, transporting and protecting it.

ATMs today provide more functionality through more advanced operating systems, enhanced security features and additional account services. Similarly, more advanced hardware features include cash recycling and optical scanning to improve counting accuracy.

ATMs are targets for fraud, robberies and other security breaches. Today hackers are becoming more skillful and are able to bypass anti-skimming devices, encryption software and other theft deterrents. Financial organizations need to invest in many layers of ATM protection. Therefore, defense for ATMs should include a combination of penetration testing and layers of security processes and controls to help protect the machine and connected infrastructure. While financial institutions ensure good physical security for ATMs, ATM network security measures are in need of constant monitoring and upgrading.


How can Deloitte help?

Deloitte helps clients by performing ATM security assessments and by providing assistance in reaching best industry standards in the following segments:

  • Network Review - involves reviewing the ATM network to identify possible vulnerabilities in the ATM/POS environment.
  • Penetration Testing - performed on the ATM environment with regard to international security standards and best industry practice.
  • Remote Access Review - aims to identify vulnerabilities in ATM systems, networks, and applications.
  • Local Network Access Review - identifies and analyzes the level of security established in the environment.
  • Physical Access Review - includes identifying physical devices, access points, and network hardware that are unprotected.
  • ATM Software Review - identifies application vulnerabilities and flaws, including errors in input validation, authorization and authentication, and possible flaws in other network services.
  • Review of Control activities - review of the security policies and procedures established and enforced to protect the ATM environment.
  • Service Provider Responsibilities - security measures gap assessment.

Devoting time to these assessments can help you minimize potential financial losses in the dynamic ATM security environment.



Dejan Perić


Director, Risk Advisory

Dejan, who holds a BA in business management, is a Director in Deloitte’s Serbian Risk Advisory – IT Risk and Controls practice with more than 17 years of professional experience. He made his career by leading ...

Borko Mijic



Borko is a Manager in the Risk Advisory team in Serbia. He is responsible for advising clients on risk advisory matters including IT Regulatory and compliance Audits, IT Assessment, Business IT Support Sy...