Regresar

Security Analysis in the Architecture of the ATM Service

Abstract:

In this research, a GAP analysis of the ATM service architecture was carried out; as a starting point, the current architecture of the ATM service was analyzed, identifying each of its components that make it up, to determine which components are suggested to be maintained, modified, and eliminated, to reduce the points of failure in the ATM system. In addition, the architecture of the ATM service was analyzed through a technical security procedure based on the good practices of the international Payment Card Industry Data Security Standard (PCI DSS) regulation. For the present study, a documentary and field research was carried out with data collection techniques such as the structured interview in which the Delphi method was used with 2 iterations, and this method was carried out to obtain efficient communication by the interviewer and the interviewee. In the first iteration, certified experts in computer security were interviewed, and in the second iteration, experts certified in the international PCI DSS standard were interviewed. The instrument used was a checklist, where compliance with the PCI DSS controls focused on the security of the ATM architecture service was evaluated. The results showed that thanks to the implementation of the GAP analysis, it was possible to determine improvements in terms of the diagram that makes up the architecture of the ATM service. In addition, through the technical procedure of the security analysis, the vulnerability of the medium and informative risk level was found. Finally, thanks to the implementation of the checklist and the interview, relevant information on the technological security of an automated teller machine (ATM) was obtained.