NCR Corporation has extended its security offering through a new agreement with McAfee. NCR has begun offering Solidcore Suite for APTRA for use with the McAfee ePolicy Orchestrator (McAfee ePO) platform, which protects and simplifies security through end-to-end network visibility and automated delivery of security responses. More than 92 percent of the world’s largest banks run McAfee.
Solidcore Suite for APTRA is a multivendor ATM software security solution with real-time centralized management that prohibits the introduction of unauthorized code to an ATM and protects the system from insider attacks.
As part of the agreement, NCR and McAfee have developed a new version of Solidcore Suite for APTRA that runs seamlessly with McAfee ePO software. NCR will sell Solidcore Suite for APTRA to its financial services customers currently running McAfee ePO software within their organizations for security management, as well as introducing Solidcore Suite and McAfee ePO software to new customers.
“Card security is paramount for us,” said Alexander Vishnyakov, director of card business and remote service department at UniCredit, one of Russia’s largest financial services companies. “We chose NCR’s security solution as it prevents all types of malicious software manipulation in real time and is easy to manage, giving our ATM network 24/7 protection. We found that NCR is the only company offering proactive solutions to ATM security. With Solidcore for APTRA we can ultimately reduce our equipment installation and service costs, while providing greater protection to our network.”
Attacks on ATMs are on the rise worldwide, costing financial institutions, governments and consumers billions of dollars each year, and damage to financial institutions’ reputations with their customers and significantly reducing banks and credit unions’ ATM uptime.
More than 11 million people are affected globally by security threats to the payments industry, and the total cost of this fraud is $54 billion according to recent research from Javelin Strategy & Research.
“By working with NCR to deliver McAfee® Integrity Control for ATMs through the Solidcore Suite for APTRA in a McAfee ePO platform environment, we are able to provide unified management capabilities to financial services companies where they need it most: their ATM network,” said Thomas Moore, vice president of OEM Alliances at McAfee. “NCR has been a leading name in ATMs for decades, and we are pleased that they have recognized the effectiveness of McAfee-based security solutions enough to offer them to their customers.”
Solidcore Suite for APTRA proactively allows only authorized code to run, rather than reacting to known or unknown attacks as they arise. Specifically, Solidcore Suite for APTRA automatically creates and updates the inventory of good code, also protecting the system’s memory so that authorized code cannot be modified, deleted or hijacked – the process in which malicious code replaces authorized code with itself.
“Most software security solutions that are out there today are based on technology that is old. In most cases, manufacturers and financial institutions can not apply a security solution until a security problem becomes known and they have time to build a solution. NCR sees this as just fixing the symptoms. The real root problem is the potential damage from unauthorized code in any form from unauthorized sources. This is what makes Solidcore Suite for APTRA different from everything else – it protects the system from all unauthorized code – known or unknown,” said Michael O’Laughlin, vice president and general manager of NCR Financial Services. “Running McAfee ePolicy Orchestrator software and Solidcore Suite for APTRA can help financial institutions more efficiently and effectively protect and monitor their ATM network.”
In a recent test by NSS Labs, NCR ATMs running Solidcore for APTRA achieved a protective rating of 99.8 percent and prevented the unauthorized execution of 100 percent of the 15,557 malware samples on the locked down Windows platform.
In addition to software security, NCR was the first ATM manufacturer to achieve PA-DSS validation for its global APTRA software applications. PCI-DSS is a comprehensive standard intended to help organizations proactively protect customer account data, through requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. Solidcore Suite for APTRA eases the burden of compliance with real time reporting so that the financial institution can be immediately alerted if any attempts to update the system are made.
Using its long history in the area of standards compliance certification, NCR Services also provides consultancy services to support financial institutions in the process of working towards PCI compliance. This includes active contribution to international industry standards bodies such as PCI as well as delivering standards compliant products and services.
In addition to the USB protection that Solidcore Suite for APTRA offers, NCR’s latest family of ATMs, NCR SelfServ, is the first to introduce a protected USB architecture that is self-contained within the ATM, helping mitigate the risk of fraudulent connection of unauthorized USB devices and the risk of insider attacks.