PCI DSS 4.0 Changes: Is Your ATM Fleet Ready for 2024?

Steve Gilde February 8, 2024

Political unrest, natural disasters, economic turmoil, and fraudsters armed with new AI capabilities mean that security and compliance are top concerns for any financial institution.

Protecting your organization and its shareholders requires a concentrated and well-coordinated multi-layered strategy, as well as precise execution. For ATM fleet owners, this means that all of your operational components, including ATM hardware, application software, networking infrastructure, and authorization systems, must be maintained in perfect running condition at all times. 

And to help ensure that every payment industry participant works together to protect the integrity of the entire financial system, there exists a complex fabric of network and card brand mandates, as well as national, regional and global legislation that is intended to help develop, promote, and in many cases enforce, the rules and standards that we all live with every day.

The Payment Card Industry Security Standards Council is one such industry organization. Founded in 2004 by several large card brands, this group is dedicated to promoting payment industry security by protecting cardholder data and fighting fraud. Their first set of standards, PCI Data Security Standard v1.0, was published in 2004.

The payment industry has evolved significantly in the past 20 years and so has PCI. The current version of their standards, PCI DSS v4.0, was released in March 2022 and addresses a wide range of topics designed to help organizations keep the payment system secure – including a few items that could make 2024 an especially challenging year for ATM fleet owners.

Time to Buckle-Up

Following is a quick recap of some of the more substantial issues facing ATM operators in their ongoing quest to keep their fleets secure and compliant.

Under the PCI DSS v4.0 standard, ATM deployers must address new security requirements involving PIN pads and PIN blocks. More specifically:

  • All ATMs that can be upgraded must be fitted with current generation Encrypting PIN Pads (EPP) by Dec. 31, 2024. Devices that cannot be upgraded will need to be replaced.
  • All ATMs must also be updated with the firmware/software necessary to support TR-31/TR-34 PIN block processing.

Not surprisingly, these more robust security requirements will force the retirement of older ATM applications and hardware that cannot be upgraded to support the new mandates.

  • NCR Atleos has previously announced that it is ending support for several ATM models in the SelfServ Series, as well as the Aptra Edge application at the end of 2024.
  • Diebold Nixdorf has also announced that December 31, 2024 will be the end-of-life date for its Optiva ATM line.

In other end-of-life news, Microsoft has announced that, “Windows 10 will reach end of support on October 14, 2025. The current Version, 22H2, will be the final version of Windows 10, and all editions will remain in support with monthly security update releases through that date.” (It should be noted that support for Version 21H2 ends earlier, on June 11, 2024.) Any devices still running Windows 10 will need to be upgraded to use one of the Windows IoT Enterprise LTSC versions.

And one more thing to be thinking about… Assuming that TLS 1.2 has already been enabled across your fleet, it’s not too early to be thinking about TLS 1.3. NIST has already mandated its use by all GSA applications and systems, requiring support for TLS 1.3 by January 1, 2024. It won’t be long before your IT security and networking teams add this upgrade to your list of priorities.

Testing, Testing, Testing!

Of course, no two ATM operations are the same and each business will need to navigate its own way through the challenging year ahead. One thing is certain, though: there is a significant amount of testing to be done. Those organizations that have already invested in modern testing tools and technology will have a considerable advantage over those that have not.

If your company still relies on manual ATM testing, you may want to consider the advantages that ATM virtualization and automation can provide. Faster execution, expanded test coverage, improved quality, increased control and collaboration, as well as remote access to the ATM test environment will help your developers, testers and QA resources be successful in 2024.

It’s time to invest in Next Gen testing solutions to help keep your ATM fleet secure, available and compliant, while at the same time ensuring that you deliver the best possible customer experience at the lowest cost.

Interested in learning more about how you can optimize your ATM testing operations with modern ATM testing tools? Paragon has extensive knowledge and experience providing innovative ATM testing solutions to the financial services industry. Contact us today to learn more.
