Diebold-designed ValiTech strengthens access control at ATMs

Oct. 19, 2009
Solution uses secure USB device to identify, authorize vaild ATM technicians

NORTH CANTON, Ohio, Oct. 19 /PRNewswire-FirstCall/ -- As attacks against automated teller machines (ATMs) and customer transaction data become increasingly sophisticated, effectively authenticating all users at the self-service channel is growing more critical by the day for financial institutions. To help strengthen access control during service calls, Diebold, Incorporated has released ValiTech,a two-factor authentication technology that uses a secure USB device to identify and authorize technicians who service ATMs. An important component of Diebold's multilayered security strategy, ValiTech works in concert with Diebold security technologies designed to protect the entire ATM channel.

Engineered in-house by Diebold for heightened security efficiency, ValiTech is an innovative solution that provides authorized Diebold service personnel with secure access to the system level of the ATM. This technology not only delivers an additional layer of protection for financial institutions through access control, it also provides a detailed audit trail. Moreover, Diebold's ValiTech technology helps financial institutions comply with important Payment Card Industry Data Security Standards (PCI DSS) developed and enforced by PCI's Security Standards Council.

Prior to the introduction of ValiTech, Diebold technicians had to secure a temporary password, provided by the financial institution, each time a service call required a technician to access the system level of the ATM. This practice holds true for any service technician accessing an institution's ATM, requiring multiple calls and generating numerous temporary passwords. Diebold's ValiTech links each authorized service technician to a USB hardware cryptographic device - or token - using a digital certificate from VeriSign.

Access is further controlled through a PIN or pass phrase, set by and known only to the technician, which ties the technician to the digital certificate and the USB device. Through ValiTech, the ATM can uniquely identify the authorized Diebold associate who is accessing the system and grant restricted authorization to the unit's system functions based on the technician's role and status. ValiTech then creates a unique audit trail documenting each time a technician is granted access and records all menu activities executed during the service call.

"Deploying effective authentication for an entire ATM fleet can be time-consuming and costly. ValiTech, which can be expertly implemented, managed and maintained by our Premier Services' technicians, offers our customers a higher level of security while relieving them from the additional workload and resources needed to create, track and reset system-level user names and passwords," said Charles E. Ducey, Jr., senior vice president, global development and services, Diebold. "At a time when sensitive cardholder data requires increasing protection, ValiTech can help financial institutions close the security gap between temporary passwords and ATM access."