Skip to main content

Challenges Facing the ATM Industry in 2025

Payments Testing
Steve Gilde May 8, 2025
Challenges Facing the ATM Industry in 2025
11:05

Despite dire predictions about the death of cash and the demise of ATMs, both remain vitally important components in the global financial ecosystem. In fact, the ongoing reduction in physical bank branches in some markets has caused a resurgence of sorts in ATM withdrawals and cash purchases. 

For example, Nationwide, Britain’s biggest building society, has recently published data highlighting that ATM transactions and cash usage have risen for the third year in a row. And in Sweden, long an aggressive advocate of the cashless society, its central bank has recently cited several global risk factors as drivers to retain cash as a strategic component in its long-term monetary policies.

There can be no doubt that ATMs remain a vital and vibrant channel for the delivery of cash and other financial services to account holders across the globe. In order to maintain their relevancy and provide the availability, reliability, and security required by the marketplace, ATMs require ongoing maintenance and investment, with 2025 shaping up to be a busy year for fleet operators. 

Along with changes introduced by the Payment Card Industry Data Security Standard Council, such as the requirement for TR31 and TR34 encryption protocols, several additional factors are impacting the ATM channel, including the sunset of Windows 10 and the rollout of Windows 11 IoT LTSC, ongoing issues with fraud and cybersecurity, new government mandated signage requirements, as well as the need to streamline ATM channel operations and reduce costs. 

Key Issues Affecting the ATM Channel in 2025

The following paragraphs provide an overview of several critical issues demanding attention within the ATM channel in 2025. Effectively responding to these challenges requires detailed analysis and planning, as well as a comprehensive execution strategy that includes robust testing tools. 

1. PCI DSS Compliance:  TR-31 and TR-34

PCI DSS 4.0 includes a mandate requiring a more secure method of key management for ATMs. Specifically, the TR-31 standard, which defines how encryption keys are arranged within a key block, became mandatory starting January 1, 2025.  

Additionally, organizations that utilize Remote Key Loading (RKL) to transfer the keys from their processing host will need to implement the TR-34 transport protocol, which supports the secure generation and delivery of keys from the key management system to the ATM. 

Important considerations: 

  • Fleet owners and operators must ensure all their ATMs support encrypting PIN Pads (EPPs) and related ATM software for the TR-31 key block standard. 
  • For organizations that also utilize RKL, TR-34 compliant hardware and software are also required. Older EPP models that do not support TR-34 will need to be upgraded. 
  • Organizations that have not yet completed this upgrade may run into issues with the availability of ATM hardware components and software support, as well as testing and certification conflicts and delays. 
  • Failure to comply with the PCI DSS standards can have significant negative consequences, including the need to take non-conforming ATMs offline. 

2. Windows 10 LTSC End of Life and the Transition to Windows 11 

Microsoft has previously announced that the current and final version (22H2) of Windows 10 Long-Term Servicing Channel (LTSC) will reach its end-of-life on October 14, 2025. That means Microsoft will no longer provide critical security updates and patches, leaving ATMs running the legacy software vulnerable to malware, cyberattacks, and other security breaches, thereby exposing the ATM operator to significant financial risks. 

The most logical response is to upgrade the ATMs to Windows 11 IoT LTSC 2024. This version of Windows is now in General Release (GA) from Microsoft and offers many valuable updates, as well as a predictable 10-year product lifecycle and support plan. 

Important considerations: 

  • ATM operators will need to assess their estate to determine the number of machines running Windows 10 LTSC (and older versions of Windows) in order to fully determine the size and scope of the Windows 11 upgrade. 
  • A detailed upgrade plan should be developed to address not only the Windows software upgrade but also any hardware upgrades or replacements that will be required. (It should be anticipated that some older ATMs will not be compatible with Windows 11.) 
  • Comprehensive testing of the new OS, along with Windows 11-compliant ATM applications and upgraded machines, is necessary to ensure compatibility and stability before deploying this new environment into production. 

atm-testing-in-the-cloud

 

3. Escalating ATM Security Threats 

The ATM channel continues to be a target for increasingly sophisticated security threats, which can be broadly categorized into these main categories: 

  • Skimming: Criminals are employing advanced techniques, including deep-insert skimmers and pinhole cameras, to steal card data and PINs at ATMs. 
  • Physical Attacks: ATM tampering and break-ins are on the rise. The ATM Industry Association (ATMIA) reported a significant year-over-year increase in ATM thefts. Criminals are also employing tactics like "jackpotting" to force ATMs to dispense cash. 
  • Cyber Vulnerabilities: With a networked PC as a core, ATMs are highly susceptible to cyberattacks, including the introduction of malware designed to manipulate cash dispensers. Unsupported software and unpatched vulnerabilities are significant entry points for attackers that are commonly exploited. 

These security threats can lead to significant financial losses for both consumers and the financial institution and its customers. Even a failed attack on an individual ATM can cost thousands of dollars to repair or replace. Additionally, cyberattacks that originate from ATMs can potentially compromise an entire financial network. 

Important considerations: 

  • Implement a multi-layered fraud detection and prevention strategy that encompasses both physical ATM security and cyber defenses. 
  • Maintain up-to-date software and security patches on all ATMs. 
  • Regularly inspect ATMs for signs of tampering, including unusual attachments or loose components, deploy anti-skimming devices, and educate customers on how to avoid ATM skimming. 
  • Expand ATM testing capabilities to include use cases specifically designed to help with the ongoing detection and prevention of fraud. 
  • Consider advanced security solutions like AI-powered monitoring for anomaly detection and behavioral analysis in ATM lobbies. 

ATM criminals are very creative and very persistent. It is critical to stay alert and take every feasible precaution to protect your fleet.

David Tente, Executive Director, USA & Americas, ATMIA 

 

4. New Deposit Insurance Signage Requirements (US Only) 

The Federal Deposit Insurance Corporation (FDIC) has issued new rules regarding digital signage on Insured Depository Institutions' (IDIs) digital channels that accept deposits, including all ATMs. 

While the requirement for displaying the new FDIC official digital signage on existing ATMs has been extended from May 1, 2025, to March 1, 2026, any deposit-taking ATMs put into service after May 1, 2025, must begin to display the new digital signage immediately. 

Important considerations: 

  • The IDI must ensure the FDIC digital sign is clearly and conspicuously displayed on the ATM home screen and on each transaction screen related to deposits by March 1, 2026.  
  • For any new ATMs deployed after May 1, 2025, the new digital signage requirement is mandatory immediately. 
  • To further complicate matters, if the IDI offers non-deposit products at the ATM, specific disclosures about these products not being FDIC insured must be displayed clearly and continuously on the relevant transaction screens, but they must not conflict or interfere with the FDIC signage. 

5. Advanced Task Automation for ATMs 

As the financial services landscape evolves rapidly toward a Digital First future, there is increasing pressure to optimize the operational efficiency of the ATM channel to not only reduce costs, but also deliver the innovative new products and services that sophisticated consumers demand.  

This need to optimize operations is driving a shift away from the manual legacy processes of the past toward advanced task automation

ATM fleet operators that fail to embrace automation risk falling behind their competitors when it comes to delivering a superior customer experience, managing operational costs, and maintaining effective channel security.  

Important considerations: 

  • Explore solutions that offer proactive monitoring of ATMs to predict and prevent issues like cash-outs. 
  • Deploy testing tools and simulators that utilize technologies like virtualization and automation to maximize operational efficiency. 
  • Utilize remote ATM management platforms for efficient incident resolution, software updates, and overall fleet management. 
  • Leverage data analytics to gain insights into ATM usage patterns, customer behavior, and potential security threats. 
  • Consider smart ATMs with features like video banking and remote assistance to enhance customer service, especially in areas with reduced branch presence. 

By proactively addressing these critical issues now, fleet operators can ensure the compliance, efficiency, and security of their ATM channel for the remainder of 2025 and into the future. 

With compliance deadlines spanning the next several years, 2025 is the perfect year to overhaul self-service channels and embrace a proactive, strategic approach to modernization.

2025 is the year to future-proof banking’s ATM and self-service networks

 

How Paragon Can Help 

The changes affecting the ATM channel in 2025 add even more complexity to an already very complex environment, making it even more important than ever for financial services organizations to have efficient ATM testing systems in place. Each fleet operator will need to develop their own unique strategy that not only addresses requirements for this year, but also prepares the organization for the inevitable changes coming in the future.  

Companies that have already invested in modern testing tools and technologies will have a considerable advantage over those who have not. If your ATM operations still rely primarily on manual testing, it's past time for you to consider the advantages that ATM virtualization and automation can provide. 

Faster execution, expanded test coverage, improved quality, increased control and collaboration, as well as remote access to the ATM test environment, will help your developers, testers, and QA resources be successful in 2025 and beyond. 

Interested in learning more about how you can optimize your ATM testing operations? Paragon has extensive knowledge and experience providing innovative ATM testing solutions to the financial services industry. Contact us today to learn more. 

Request a Consultation

Stay in the Know!

Check out our newsletter and stay up to date about the latest trends.
webft-test-data-edit-laptop-1

Free Guide to Payment Testing

Read our free guide to explore a number of key concepts, issues and challenges specifically related to payment testing.
Read the Guide

Related posts

Read Blog
Payments Testing - May 1, 2025
The Importance of Building a Good Test Case Workflow
Clyde Van Blarcum Author at Paragon
Read Blog
Payments Testing - April 24, 2025
Payment System Testing Drives Efficiency & Profitability
Paragon Application Systems Author at Paragon
Read Blog
Payments Testing - April 21, 2025
Rethinking Point-of-Sale Test Case Management
Clyde Van Blarcum Author at Paragon