Diebold, Incorporated (NYSE:DBD) has earned compliance with two important third-party audits that verify its continuous compliance with industry standards for automated teller machine (ATM) security.
Diebold achieved full compliance with ANSI/X9 TR-39-2009 (TR-39) and PCI PIN Review audits for encrypted PIN pad (EPP) and remote key loading (RKL) technologies employed in the company's Opteva ATMs.
As a provider of transaction devices, Diebold is required to periodically audit its manufacturing, packaging and shipping processes for EPPs, as well as its techniques and processes for RKL delivery. The TR-39 and PCI PIN Review audits confirm that Diebold is following ATM security best practices related to the management, handling and encryption of personal identification numbers (PINs) and data. A third-party auditor reviewed a wide array of Diebold's security and process controls, ranging from employee background checks to the use of cameras to record and monitor manufacturing, storage and shipping environments. The auditor also examined Diebold's use of tamper-evident packaging and its mechanisms for tracking products from manufacturing to their end use.
"Achieving full compliance with the rigorous TR-39 and PCI PIN Review audits demonstrates Diebold's commitment to meeting the strict requirements of the payment card industry. This clean bill of health reinforces our vigilant approach to ATM security," said Scott M. Angelo, vice president and chief security officer, Diebold. "While Diebold has the option to perform PCI PIN Review audits internally, the third-party audit provides absolute confirmation of our compliance with industry standards."
TR-39 audits apply to the security of PIN debit transactions within ATM or point of sale (POS) environments. The guideline addresses security controls from the EPP to the interface delivering the transaction (i.e., the ATM) to the authorizing entity (i.e., the financial institution). The American National Standards Institute (ANSI) oversees TR-39 compliance, which is required in the United States.
Diebold's RKL technology uses public key cryptography, which enables financial institutions to remotely load Data Encryption Standard (DES) keys in ATMs. This capability eliminates the need for personnel to visit each ATM to manually load DES keys, which reduces expenses and human error. In addition, it enhances security as the remote key management process eliminates the need for human beings to have access to ATM keys.
During PCI PIN Reviews, auditors examine vendors' key management practices. They review requirements for properly securing keys via such practices as dual controls, encryption and tamper-resistant devices and packaging. The PCI Security Standards Council governs international PCI PIN Review policies.
Diebold will continue to perform PCI PIN Review audits on an annual basis and TR-39 audits on a biannual basis, as required by the respective governing bodies.
Audit compliance is just one aspect of Diebold's multi-layered approach to ATM security. The company also employs solutions that protect ATMs, as well as financial institutions and their customers, from fraud, digital threats and physical attacks. For example, Diebold's ATM security solutions guard against sophisticated fraud attempts, such as card skimming, PIN interception, dispenser trapping and others. The company's digital security defenses prevent ATM intrusion by locking down all electronic points of entry and monitoring, analyzing and authenticating any external source attempting to connect to the ATM. In addition, Diebold provides a safe environment for consumers to conduct secure transactions at the ATM by implementing features like consumer awareness mirrors and interfaces designed to keep personal information private.