ATM Fleet Management: Five Things to Consider When Choosing a Partner

The ATM channel is a vital touchpoint for consumers. Yet in a recent commissioned global study conducted by Forrester Consulting on behalf of Diebold, a majority of financial institutions (FIs) polled felt in-house management of their self-service fleet was becoming too difficult. Managing an ATM fleet has never been more complex. I see four main drivers of this challenge:

• New regulations and compliance requirements are popping up more frequently.
• Consumers expect more out of every interaction.
• FIs have grown, merged and added new technology, creating ATM networks and advanced transactions that are less and less homogenous and increasingly multi-vendor and multi-channel.
• Security threats are getting more advanced.

The Forrester researchers found that 97% of the FIs polled manage ATM information security in-house, and 76% manage compliance in-house. Those are big numbers when you think about the feedback I mentioned above from the Forrester study, and they represent a huge opportunity for FIs to shift their priorities back to core retail-banking business objectives like deepening relationships with consumers and driving revenue – if they can find the right partner.

The challenge we often see when we initiate work with new clients is they’re not sure where to begin, or what options are available to help ease their fleet management workload. In fact, one of the most striking results of the study was this chart highlighting the anticipated benefits of outsourcing versus the realized benefits:

FIs realized very different primary outsourcing benefits from those they expected to find. This chart outlines the very real need to partner with an organization that specializes in fleet management, real-time monitoring and ATM security. If your organization is considering partnering with a vendor who can help monitor, secure, repair and maintain your fleet, make sure you address these five areas – all potential sticking points in a long-term collaborative partnership.

1. Security Responsibility

No one wants to hand over the keys – and you shouldn’t have to. Any outsourcing agreement you enter into with a vendor should be built on clearly defined roles and responsibilities. You may be surprised, however, to discover that not all services vendors prioritize security – and that it’s up to your own organization to ensure the necessary security procedures are implemented. As technology increases, there’s a potential knowledge gap that will only get bigger. It’s incredibly difficult to stay ahead of fraud when it’s not the full-time job of a team of experts.

A multi-level, layered security process is a must when dealing with today’s advanced fraud techniques. Dedicated data centers around the globe are one method of ensuring ATM networks are being monitored and secured 24/7 and in real time. Diebold maintains a multi-million dollar infrastructure of dedicated centers to ensure that our customers’ self-service assets are secure. Because of our robust infrastructure and real-time connectivity to banks, we’re able to take a proactive approach to ATM security, rather than a reactive approach.

Ask a potential managed service provider some targeted questions to better understand their approach to ATM network security:

• Do you adhere to PCI-DSS compliance standards?
• Do you monitor and proactively address security updates?
• Do you regularly participate in and pass OCC/FFIEC audits?
• Will you manage my entire software stack, not just my operating system?

2. Service Delivery Options
How is your potential partner planning to deliver services? Outsourcing providers might say they have data centers – but are they dedicated monitoring stations where remote, real-time connectivity is fully enabled?

With the proper monitoring tools, nearly 25% of applicable ATM faults can be resolved remotely and in near real time. On the flip side, if an organization is relying on traditional “feet on the street” maintenance and repair, the length of time between problem and resolution can be much greater. And, you may not ever get full visibility to the nature of the problem. Through IP connectivity, our solutions don’t just monitor the health status of each ATM in a network; we’re performing constant, live monitoring to ensure terminals are online, the applications are fully functioning, the security hasn’t been compromised and that no one has attempted to compromise the security.

3. Software Compatibility
From a software perspective, how are the applications in your software stack communicating with each other, with multi-vendor terminals and applications and with other channels in your organization? In a multi-vendor environment, it’s critical to have tools that can help manage your software on any type of self-service fleet and drive operational efficiencies.

When you’re considering a new software and services partner, make sure you have key stakeholders from IT and compliance at the table to better understand a range of issues:

• How the components will integrate into your current infrastructure.
• How the applications will be maintained, and what else the vendor provides beyond their own software patches – do they offer PCI compliance guidance? Software configuration management? What about XFS layer updates, maintenance releases and complete application updates, including third-party software?
• Customization options – will the vendor work with your team to deliver a solution that’s right for your unique network?

4. Long-Term Support
 On “day one” of an implementation or partnership, everything is new and fresh, everyone’s on their best behavior. You’ve spent significant time and resources to build your strategy and drive toward the launch.

Now what?

Have you secured a vendor who will provide a service, or have you collaborated with a partner who will help you see your strategy through for years to come? When you vet potential partners, ask them for examples of long-term relationships they’ve had with other clients, and samples of problems they helped resolve long after the initial SLA was signed.

For example, some vendors perform application hardening at the onset of an engagement, then leave the software without proper ongoing maintenance. Philosophically, there is often a mindset that the application has been designed and secured so well, there’s no need to monitor and maintain it in real time. Our perspective is that criminals are smart, aggressive, and they see new security measures as nothing more than obstacles to overcome. The Diebold philosophy is to scrutinize, monitor and maintain networks just as aggressively and in an ongoing manner, so we can always stay one step ahead of fraudulent activity.

These relationships should not be “set it and forget it.” Your strategy – and thus, your needs – will continue to evolve over time, and a strong partner will be both flexible and knowledgeable enough to work with any shifts that occur. It’s not just about day one. It’s about day 365, day 972, day 1,500. Look for a partner who will continuously help optimize the life-cycle of your terminals and software, and ensure you have a comprehensive picture of the ongoing ROI.

5. Experience & Specialization
 The market is becoming more crowded and confusing as new players enter the market. There are two red flags to be aware of when you’re considering a shortlist of vendors to vet:

• Are they generalists, or do they specialize in financial self-service?
• Will your relationship be experimental in nature or do they have experience in working with clients similar to your organization?

Often, a new provider is coming from an entirely different industry – they may have the infrastructure you need, but do they have experience responding to the nuances of the financial vertical? Likewise, even some of the self-service industry’s largest players offer services in other verticals – which means the ATM technician working on your machine may be a generalist who spends a portion of their time working on other devices. This may cause a lower level of expertise, and ultimately protection. The technicalities of an ATM, along with expanding transaction sets, software, services and back office integration, require greater sophistication, adaptability and thought leadership from potential outsourcing partners.

The Bottom Line

 The Forrester study found that the most damaging security threats to an ATM network were also the threats FIs found most challenging to prevent. Dedicated experts, with extensive experience in the financial self-service arena, are optimally positioned to monitor and secure your ATMs. Real-time visibility goes hand-in-hand with that expertise – it’s crucial to shortening the length of time between problems and resolutions.

Choosing a partner to collaborate on your self-service network management is a big deal; don’t rush it. There are many components to weigh before making a choice. If you have questions, I encourage you to reach out to your Diebold representative. We have the expertise and knowledge of the financial self-service market to help you make an educated decision that will meet your organization’s needs in the best way possible.

Start managing risk more proactively today, just by clicking a button. Subscribe to our ATM Security Alert program to receive emails on recent physical, logical, and card-and-currency attacks around the globe and in your region. You can also reach out to us with questions – let’s start a conversation.

By: Tim Witt
Posted: April 7, 2016