Ever since the major card brands mandated that information needed to process ATM transactions should only be communicated with the highest levels of encryption, ATMs have been largely isolated from the larger battles over information and data security.
Sure, ATMs always faced a few of their own, unique, threats. Opportunistic thieves could modify ATMs to capture card information and personal identification numbers from unwitting consumers. And individual ATMs have always been somewhat vulnerable to thieves simply uprooting them and carrying them away to force open somewhere else.
But, by and large, ATMs have been secure from the threat that hackers are going to compromise their networks to steal cardholder data.
But that may be changing. As new threats and channel integrations emerge – note Diebold’s recent launch of an ATM that syncs with smartphones – the ATM industry also is reacting in new ways.
Today, Houston-based Cardtronics, the world's largest independent deployer of ATMs, announced that it was establishing a new position of chief information security officer. Jerry Garcia, who spent the past 10 years designing and developing the information technology systems the company uses to run its business, will now focus exclusively on Cardtronics' information security program as its new CISO, the firm announced.
"As the world's largest retail ATM owner, as the operator of a global ATM fleet approaching 63,000 machines, Cardtronics has a responsibility to its clients, consumers and our shareholders to be a model of excellence in information technology and security," said Steve Rathgaber, chief executive officer, Cardtronics.
"The creation of a dedicated information security officer role emphasizes Cardtronics' commitment to industry-leading security systems, and Jerry Garcia, the architect of the IT landscape at Cardtronics, makes for an ideal candidate to exercise enterprise-wide oversight of our information security program."
Cardtronics’ creation of a CISO position signals that the company may be positioning itself for a time when ATM networks may begin to find themselves more vulnerable to information security attacks than they have previously been.
Credit unions and credit union-owned ATM networks should prudently evaluate and prepare for this risk.