Alan D. Falconer - PowerPoint PPT Presentation

Slides: 26
Provided by: valuedg400
Transcript and Presenter's Notes

1
Can You Afford Not To? Regulation Issues and Your ATMs
  • Alan D. Falconer
  • Senior Vice President
  • Paragon Data Services
  • June 27, 2001

2
Agenda
  • Introduction
  • ATM Transaction Trends
  • Overview of Regulation Areas and Focus
  • ADA Access Update
  • Biometrics
  • PIN and Key Management
  • Questions and Answers

3
Introduction
  • Management/Systems consulting company
  • Financial Systems Focus
  • Financial, Networks, Energy Markets
  • Sr. Vice President Alan Falconer
  • 28 years solutions-based information technology
  • 21 years ATM/EFT systems management
  • www.paragondataservices.com
  • afalconer_at_paragondataservices.com

4
ATM Trends: Transactions
[Chart: Transaction Volume (Billions). Source: TowerGroup]
5
ATM Trends: Transactions
Core American Mainstay
Barbie Has an ATM
6
Risk/Fraud Areas
  • Physical Cash Handling Access
  • Physical Customer Access
  • ADA Pending Issues
  • Virtual Customer Identification
  • Biometric Access Management
  • PIN Management
  • Risk of Fraudulent Breach and Non-compliance
  • Lawsuits from ADA
  • Processor sanction pass-thru fines

7
Accessibility - Audio
  • ADAAG compliance proposal dated 4-2-02
  • Hearings are now closed
  • access-board.gov/ada-aba/status.htm
  • DOJ to decide on proposal within a year
  • USATBCB ruling for includes
  • All displayed information for full use shall be
    accessible to and independently usable by individuals
    with visual impairments in-the-box
  • Speech output on all new and refurbished ATMs
  • Receipt information in audio form

8
Accessibility - Audio
  • Ruling for visually impaired does not require:
  • PIN-based POS to be speech enabled
  • Extraneous receipt info (account, date, time)
  • Commercial functions (ads, statements)
  • Approach:
  • Talk to your ATM providers
  • Text to speech technology
  • Start planning now: ruling will very likely be
    law by 2004

9
Biometrics - Advantages
  • Added cross-platform transactions: greater need
    for customer identification
  • Technology continues to gain capability
  • Fingerprint scanning: low false negative rate
    .02
  • MasterCard PEFCU
  • Iris-imaging: less intrusive picture taking
  • Facial-imaging: lower false negative rates
  • Costs continue to come down

10
Biometrics - Challenges
  • False negative rates still higher than card
  • Vandal issues
  • Intrusive perception
  • Card back-up off-site and failure
  • Cost:
  • Facial, Iris or Hand scan: 1,000
  • Fingerprint optical: 700
  • Fingerprint chip: 200
  • Voice Recognition: 150

11
PIN Management
  • DES History
  • Data Encryption Standard (DES)
  • Developed by IBM in mid 1970s
  • Adopted by NIST in 1977
  • Approved by ANSI (X3.92) in 1981
  • Binary key used to encrypt and decrypt data
  • Algorithm is public domain; keys are unique
  • NO known cases of fraud based on a breach of DES

12
PIN Management
  • DES CRACKED
  • Marketing Campaign: "Break our secret encoded
    message, win 10 Grand"
  • Contest started in 1997 - 10,000 first prize
  • 18Q keys in 96 days, 7B keys/sec
  • 1998: broken in 56 hours (DEEP CRACK)
  • Single computer (250K), 88B keys/sec
  • 1999: broken in 22 hours 15 minutes
  • Worldwide network of PCs (100K), 245B keys/sec

13
PIN Management
  • DES Stats
  • DES uses 56-bit keys
  • Over 72.057594 Quadrillion possible keys: not
    enough
  • Exhaustive Search breaks single DES ($2^{56}$)
  • ANSI X9.52 defines DES-EDE (2K3DES):
    $C = E_{K3}(D_{K2}(E_{K1}(M)))$
  • Keying options: all three independent, all three
    equal, 1 and 2 independent with 1 and 3 equal
    (keys 128 bits)
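
Added example (not part of the original presentation): a check that a key-management review could run over Triple DES key bundles, classifying each by the keying options listed on this slide and flagging bundles that collapse to single DES. The function names and sample keys are constructed for illustration; key_bits counts key material only, so a two-key bundle that is 128 bits with parity holds 112 key bits.

```python
# Added example, not from the original slides: audit a DES-EDE key bundle.
PARITY_MASK = 0xFE  # low bit of each DES key byte is odd parity, not key material


def has_odd_parity(key: bytes) -> bool:
    """True if every key byte carries an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def key_material(key: bytes) -> bytes:
    """The 56 bits that matter: the key with its parity bits cleared."""
    return bytes(b & PARITY_MASK for b in key)


def audit_bundle(bundle: bytes) -> dict:
    """Classify a 16- or 24-byte bundle K1|K2[|K3] by keying option."""
    if len(bundle) == 16:  # double-length key: K3 is taken to be K1
        bundle += bundle[:8]
    if len(bundle) != 24:
        raise ValueError("expected 16 or 24 key bytes")
    parts = [bundle[i:i + 8] for i in (0, 8, 16)]
    k1, k2, k3 = (key_material(k) for k in parts)
    if k1 == k2 or k2 == k3:
        # An equal adjacent pair cancels: E_K3(D_K1(E_K1(M))) = E_K3(M)
        option, bits = "single-DES equivalent", 56
    elif k1 == k3:
        option, bits = "two-key (K1 = K3)", 112
    else:
        option, bits = "three-key (all independent)", 168
    return {
        "option": option,
        "key_bits": bits,  # key bits excluding parity
        "parity_ok": all(has_odd_parity(k) for k in parts),
        "weak": bits == 56,
    }


# Constructed sample keys (hypothetical values, for illustration only)
KA = bytes.fromhex("0123456789ABCDEF")
KB = bytes.fromhex("FEDCBA9876543210")
KC = bytes.fromhex("89ABCDEF01234567")
KA_BAD_PARITY = bytes.fromhex("0022446688AACCEE")  # same 56 key bits as KA

if __name__ == "__main__":
    for name, b in [("3-key", KA + KB + KC), ("2-key", KA + KB),
                    ("all equal", KA * 3), ("disguised", KA + KA_BAD_PARITY + KB)]:
        print(name, audit_bundle(b))
```

The "disguised" bundle shows why the comparison has to ignore parity bits: K1 and K2 differ byte for byte, yet they hold the same key material and the bundle is no stronger than single DES.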

14
PIN Management
  • DES Changes
  • US Defense Department dumped single DES
  • EFT industry to adopt Triple DES
  • MasterCard/CIRRUS set the bar in 2001
  • Member ATMs Triple DES compliant by 4-1-02
  • ATM vendors and DES box vendors working to
    provide required hardware

15
PIN Management
  • As of April 1, 2002:
  • no ATM vendor had shipped triple DES ATM as
    standard configuration
  • no network had certified a triple DES ATM
  • few DES box providers have shipped their triple
    DES secure boxes
  • "Compliant" vs. "Capable": wording change has
    impact

16
Capable Teenage Daughter
17
Compliant Teenage Daughter
18
PIN Management
  • MasterCard Update
  • April 1, 2002: All newly-installed ATMs,
    newly-installed merchant terminals that accept
    PINs and Cardholder Activated Terminals must be
    Triple DES capable. That is, they must be
    capable of processing Triple DES at the point of
    interaction. Newly installed also includes
    replaced and relocated ATMs and POI terminals.
  • April 1, 2003: All member and processor host
    systems must use Triple DES requirements for
    PIN-based transactions that take place at Triple
    DES compliant POI devices. All ATMs and POI
    devices installed, replaced or relocated since
    April 1, 2002 must be Triple DES Compliant.
  • April 1, 2005: All ATMs must be Triple DES
    compliant

MasterCard Global Deposit Access Operations
Bulletin, No. 3, March 29, 2002
19
PIN Management
  • ATM Vendor Update: Capable
  • Diebold: All currently manufactured ATMs
  • (No 5000, 9000, 1060, 1061, 1070i, CSP,
    CSP100)
  • Fujitsu: Series 8000, 7000AP, Series 7000
  • (No Series 1000, 2000, 4000, 6000)
  • NCR: 6000 Series, Personas, EasyPoint
  • (No 2700, 5070, 5081, 5084, 5085, 5088)
  • Triton: All currently manufactured ATMs
  • (No 9500 (GTI upgrade kit), Scrip 9000)
  • Wincor-Nixdorf: All ATMs delivered in the last
    eight years

20
PIN Management
  • ATM Vendor Update: Compliant
  • Diebold: Encrypted PIN Pad (EPP)
  • new shipments (800-1,000 upgrade)
  • Fujitsu: Keyboard changes
  • new shipments (1,700 upgrade)
  • NCR: Keyboard changes
  • new shipments (no upgrade info)
  • Triton: Secure PIN Entry Device (SPED)
  • new shipments (reasonable)
  • Wincor-Nixdorf: Keyboard changes
  • new shipments (no upgrade info)

21
PIN Management
  • Secure Device Vendor Update
  • HP: Carries Atalla product line
  • atalla.nonstop.compaq.com: A10000E NSP 34K-38K
  • Futurex: Carries Excrypt product line
  • www.futurex.com: 7000 line to carry 3DES
  • Thales: Carries former Racal Line
  • www.thales-esecurity.com: HSM host security
    modules
  • Carries protect series
  • www.eracom-tech.com protecthost white ESM2000

22
PIN Management
  • Recommendations
  • Verify and contract that any newly purchased ATM is
    Triple DES COMPLIANT
  • Contract with your ATM provider should you wish
    to relocate or re-deploy any ATM regarding cost
    for upgrade to Triple DES compliance
  • Review each ATM in your network as to its Triple
    DES compliance; if not:
  • replace it
  • remove it from your acquirer network by 4-1-2005

23
PIN Management
  • Recommendations
  • Review current key management processes:
    no Post-It notes, no single control
  • Investigate initial key load software and
    hardware options
  • A98
  • Diebold
  • Excrypt
  • Paragon Data Services
  • Schedule Certification testing with eFunds as
    early as possible

24
Does Mattel Realize? This is NOT Triple DES
Compliant, Capable or Speech-Enabled
Barbie Has a RISKY ATM
25
Questions and Answers
  • Q&A taken after Chuck Bram presentation
  • Download a copy of this presentation
  • www.paragondataservices.com
  • news and perspectives