The ATM Industry Association (www.atmia.com) published updated and expanded international best practices for ATM operating software. The objective of the manual is to enable members to establish a comprehensive software security policy to deal with today’s emerging threats of ATM cyber attacks.

“ATMIA conducted a global online ATM fraud survey last month, which attracted responses from security and ATM managers in 37 countries, and cyber attacks were rated the third top threat facing the ATM industry,” says Mike Lee, CEO of ATMIA, “This reinforces the need for this updated software security guidebook.”

With a mass migration well advanced in the industry to the more open environment of Windows XP away from proprietary systems, the need to defend against evolving software threats, from malware and Trojans to denial-of-service attacks, has increased, the association says.

The scope of the manual covers governance of all ATM software up to the point at which the ATM plugs into the communication link to the host system. The second edition includes significant updates as well as new material on preventing insider fraud, security for emerging technologies, and an essay on the Ten Immutable Laws of ATM Security.

“Card data that can be stolen from ATMs through software-based attacks is becoming more valuable than the cash held in the ATM itself,” the manual’s technical editor, Peter Kulik, writes in the foreword. “Further, software-based attacks are a ‘silent crime’—difficult to detect and far less dramatic than other forms of ATM crime—and so we expect the extent of this crime is likely underestimated by our industry today.”

“The ATM has been an extraordinarily reliable and trusted self-service system for cardholders for 40 years but it needs to be protected from new threats, “ Lee adds. “We are beginning to see evidence that criminals are trying out ATM software as a possible new frontier of fraud. The goal of this guide is to fend off potential ATM software attackers.”

The first version of the software security manual was published in September of 2009. For more information, contact Mike Lee, CEO, at This e-mail address is being protected from spam bots, you need JavaScript enabled to view it