Presentation on theme: "January 2008 Chad Young Director, Distribution Channels U.S."— Presentation transcript:
January 2008 Chad Young Director, Distribution Channels U.S.
2 Wincor Nixdorf US | January 2008 Rich History of Innovation and Customer Commitment Informationssysteme AG Retail and Banking Systems GmbH Business foundation by Heinz Nixdorf Expansion to the fourth largest computer company in Europe Acquisition of Nixdorf Computer corporation by Siemens corporation Foundation of Siemens Nixdorf Information Systems corporation Establishment of Siemens Nixdorf Retail and Banking Systems Inc. Continuous growth with two- digit expansion rate Separation from the Siemens group Independence and new brand: Wincor Nixdorf Initial public offer as Wincor Nixdorf stock corporation
3 Wincor Nixdorf US | January 2008 Wincor Nixdorf At a Glance Blue chip-customers Retail Banking Postal service Hospitality Service stations Lottery Products Solutions/ Consulting Services incl. outsourcing Global presence in over 90 countries Main production locations: Germany Singapore China Brazil Development Center: Germany Switzerland Singapore Corporate profile (FY 06/07)Customer-oriented culture
4 Wincor Nixdorf US | January 2008 Wincor Nixdorf in the United States 90 employees and 60 people per shift in the call center Facilities of 75,000 Sq. Feet include Sales Marketing Engineering and technical support Financials Logistics Warehouse Testing and diagnostics Staging and integration Assembly line Spare part inventory Certified repairs Shipping and receiving Wincor Nixdorf HQ in the US – Austin, Texas Staging Center Material Handling Repair Center
5 Wincor Nixdorf US | January 2008 Worldwide Market Positions 2006 No. 3 No. 2 No. 1 No. 2 No. 1 Automated Teller Safes Monitoring / Admin Document/Passbook Printers ATMs and Cash Dispensers Point of Sale Multi-vendor Applications Customer Information Printers Transaction Terminals
7 Wincor Nixdorf US | January 2008 Wincor Nixdorf World wide shipments of ATMs/CDs ~ 52,800 ATMs/CDs shipped in 2006/07 ~ 8,300 Intelligent Deposit Systems shipped in 2006/07 61,170 06/07 48,795 05/06 35,005 04/05 32,190 03/04 22,608 02/03 16,803 01/02 22,587 00/0193/94 15,397 8,865 3,111 96/97 7,610 95/9697/98 4,285 94/9598/9992/93 3,959 99/00 14,198 2,923
8 Wincor Nixdorf US | January 2008 Innovation strongly driven by Customer Needs and Technical Progress ProCash 4000xs SlimCash ProCash 1571ProCash 4100xs Key Figures Ongoing Portfolio-Additions, e.g.: SlimCash 200, ProCash 4000xs, ProCash 4100, FrontOffice/TOP, PCA 3.0 Wincor Nixdorf commitment in FY 06/07 to customer-oriented R&D: R&D Spendings of US$ 138 Mio. (11% growth) 843 Employees in R&D – 10% of total Headcount 75 new Patents – Active Patents up to 1,028
9 Wincor Nixdorf US | January 2008 … and continuously winning new customers (15 years) (28 years) (26 years) (28 years) (26 years) Developing customers for decades … Global Constructed Customer Base Banking ranked by market cap, Retail ranked by revenue Source: Thomson Financial, Datastream, Lafferty (European Banker), STORES.org, MINTEL.com Blue chips: Banking25 out of the Top 25 Banks in Europe 18 out of the Top 25 Banks in the World Retail19 out of the Top 25 Retailers in Europe 17 out of the Top 25 Retailers in the World
10 Wincor Nixdorf US | January 2008 Strong company focus on U.S. business development Broaden No. 1 position in Canada Expansion of onsite maintenance coverage and enhanced service portfolio (Managed Services) Direct Focus on Top Accounts Reseller model for small and medium banks Broaden portfolio incl. Recycling ATMs, Kiosk, Branch Renewal, PC/E Strong focus on innovation, quality and customer satisfaction Goals Strategic Strategic Goals Source: ATM & Debit News Nov / Wincor Nixdorf Wincor Nixdorf is on track to become a leading supplier of banking solutions in North America WN Customer Non-WN Customer Pilot/Pilot in Prep Top 25 ATM Deployer in North America
11 Wincor Nixdorf US | January 2008 Wincor Nixdorf continues to invest and shows a strong commitment to the U.S. marketplace Milestones U.S. Banking business unit established in the U.S Wincor Nixdorf US Headquarters established in Austin, TX Acquisition of AUTOTELL – Setup of regional SW competence center in Boston for the Americas Rollout of 1,200 ATMs at Valero First Multivendor SW project at JPMC (eATM) 2007 Alliance Agreement with IBM Launch of integration and staging center Call Center setup Rollout of 2,500 APC Terminals for USPS Setup of service Infrastructure Platform (eServices) Introduction of direct sales model First envelope free pilot at Wells Fargo Building up onsite maintenance Nationwide depot concept (FEDEX) BTN Innovator Award Banking business growth of 98% Continues investments into sales, support and services New HQ in Austin
12 Wincor Nixdorf US | January 2008 Securing your ATM Network EXPERIENCE MEETS VISION.
13 Wincor Nixdorf US | January 2008 Potential ATM Attacks Intrusion and theft Physical/ Destructive Attacks Fraud/ Tampering Cyber Attacks
14 Wincor Nixdorf US | January 2008 Intrusion and theft Physical & Destructive Attacks Fraud/Tampering Cyber Attacks Potential ATM Attacks
15 Wincor Nixdorf US | January 2008 Security Housing Conventional safes Strongbox Wall thickness 2 or 3 mm UL 291 Level 1 Wall thickness 12,5 mm CEN L Wall thickness 12,5 mm RU* 30/50 (total breach) CEN III Wall thickness 40 mm RU* 120 (total breach) CEN IV Wall thickness 40 mm RU* 120 (total breach) CEN VI Wall thickness 80 mm RU* 400 (total breach) CEN V *RU: Resistance Unit Total time x BV of strongest tool + total BV of all tools e.g. BV (basic value): chisel=1 oxygen lance=32 Security levels
16 Wincor Nixdorf US | January 2008 Safe Locks Functions Open Safe Change code Connection to Alarm System (Distress Alarming) Delayed opening Administration system with Audit Trail (record opening activities) Single-use opening codes, Soft-Key (eg. Mas Hamilton Lock)
17 Wincor Nixdorf US | January 2008 Cassette – Note Staining Systems The ink from the security module integrated in the cassette degrades the cash within a fraction of a second. Can be switched to ATM or transport mode Contacts protect the cassette if criminals attempt to break the cover open. Integrated sensors (detect non horizontal position and physical blows) Solution can be upgraded on machines in the field by replacing cassettes at a later date Functions
18 Wincor Nixdorf US | January 2008 Cassette – Note Staining Systems Wincor Nixdorfs solution assures an average banknote ink penetration of more than 35% when the cassette is full. The minimum guaranteed ink penetration is 20%. These ink penetration values are high when compared to competitor products. Advantage
19 Wincor Nixdorf US | January 2008 Intrusion and theft Physical & Destructive Attacks Fraud/Tampering Cyber Attacks Potential ATM Attacks
20 Wincor Nixdorf US | January 2008 Anatomy of an ATM Theft
21 Wincor Nixdorf US | January 2008 Anatomy of an ATM Theft
22 Wincor Nixdorf US | January 2008 …and when finally found….
23 Wincor Nixdorf US | January 2008 Explosion of ATM An explosive gas mixture of oxygen and acetylene will be pumped in the ATM. With an electric cable, which is inserted in the ATM the explosive gas mixture will be ignited from a secure distance.
24 Wincor Nixdorf US | January 2008 Explosion of ATM
25 Wincor Nixdorf US | January 2008 Explosion of ATM
26 Wincor Nixdorf US | January 2008 Result…theft of cash cassettes
27 Wincor Nixdorf US | January 2008 Anchored ATM Installation
28 Wincor Nixdorf US | January 2008 Functions Alarm Package: Machine Removal Sensor Fig.: A94_ Min Mechanical sensor Protection against forceful removal of the entire ATM Alarm triggered as soon as attempt at removal starts No false alarms Protection against tampering
30 Wincor Nixdorf US | January 2008 ATM secured with GPS positioning technology Alarmplan wird ausgelöst Internet Security operations control center location- finding server GPS location module Database network provider ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ALARM D1 D2 O 2 Neigungsmelder Tilt sensor
31 Wincor Nixdorf US | January 2008 Intrusion and theft Physical & Destructive Attacks Fraud/Tampering Cyber Attacks Potential ATM Attacks
32 Wincor Nixdorf US | January 2008 Crimes Committed at ATMs Crimes most commonly committed at ATMs Skimming Special intrusion mechanisms mounted in front of the card reader are used to copy (fish for) card data. Lebanese Loop Special intrusion mechanisms mounted in front of the card reader are used to steal the card. Not noticed by customer!Customer loses card!
33 Wincor Nixdorf US | January 2008 Lebanese Loop
34 Wincor Nixdorf US | January 2008 Anti Lebanese Loop Card Reader
35 Wincor Nixdorf US | January 2008 Skimming device on a ProCash 2xxx ATM CameraSkimming device
36 Wincor Nixdorf US | January 2008 Rash of ATM-skimming attacks hits Irish banks Wednesday February HUNDREDS of thousands of euro has been stolen from bank accounts of unsuspecting customers over the past two weeks, it emerged last night. The scam has hit bank customers in Limerick, Clare, Tipperary and Kerry, after skimming devices were installed on ATM machines across Munster. Gardai say that 160,000 has been stolen from bank accounts in Clare alone over the past fortnight. The revelation comes as Bank of Ireland refunded thousands of euro to 90 customers at its branch in Ennis who fell victim to a skimming operation. Source: Independent.ie News
37 Wincor Nixdorf US | January 2008 Fast processing of the skimmed data The data copied from the magnetic stripe is transmitted via radio waves and stored on a notebook computer. The skimmed data are passed on immediately and as soon as two hours later, fake cards can be used to make purchases
38 Wincor Nixdorf US | January 2008 New generation of skimming devices
39 Wincor Nixdorf US | January 2008 New generation of skimming devices On the left you see a typical skimming device with conventional technology beside a new skimming device with modern technology Dimensions Width mmHeight mmDepth 3.89 mm
40 Wincor Nixdorf US | January 2008 New generation of skimming devices The police obtained a card skimmer and a fake PIN pad which was bonded to the ATM. Both items hardly distinguishable from the original components
41 Wincor Nixdorf US | January 2008 New generation of skimming devices Six small batteries connected to micro switches Micro switchesMagnetic read head Transmitter circuit Transmitter antenna
42 Wincor Nixdorf US | January 2008 Video Surveillance ATM-specific installation ATM-specific camera module Retrofittable Versions: Black/white or color (Color for XE systems only) PAL or NTSC Portrait camera
43 Wincor Nixdorf US | January 2008 Anti-skimming Card Reader Throat Element for card reader throat With the anti-skimming card reader throat, easy mounting of a skimming device is prevented Anti-skimming card reader throat is securely screwed-on. Sensor is activated if card reader throat is removed
44 Wincor Nixdorf US | January 2008 Card reader throat of Wincor Nixdorf ATMs 30 mm It is important to know how far the card juts out of the card reader module in the eject position. In WN systems, it is approx. 30 mm. This is the area accessible to the system user or the thief with our standard card reader throat Insertion direction The installation of an anti-fraud card reader throat eliminates the space required for the installation of a skimming device. A skimming device cannot be attached in front of our card reader.
45 Wincor Nixdorf US | January 2008 Anti-skimming Sensor Mounted inside ATM fascia Can not be seen or removed from outside the ATM Can not be seen or removed from outside the ATM Senses change in magnetic field associated with installation of skimming device Senses change in magnetic field associated with installation of skimming device Sensor communicates with ATM software if device detected Sensor communicates with ATM software if device detected Alarm triggered ATM shutdown Automated action(s) Anti-Skimming Sensor
46 Wincor Nixdorf US | January 2008 Intrusion and theft Physical & Destructive Attacks Fraud/Tampering Cyber Attacks Potential ATM Attacks
47 Wincor Nixdorf US | January 2008 Payment Card Industry PCI Data Security Standard: PCI DSS For the first time in Sept. 2006, the five brands agreed on a single, common framework for creation of an organization to develop and maintain security standards for credit and debit card payments. The newly formed Payment Card International Security Standards Council will manage the PCI Data Security Standard for merchants, payment processors, point-of-sale vendors, financial institutions and more than a billion cardholders worldwide.
48 Wincor Nixdorf US | January 2008 Payment Card Industry 3 different standards There are 3 standards relevant to banking….. Encrypting Pad (EPP) Security: PED (Visa) Encrypting PIN Security (RKL, Key management) Data Security (operations, infrastructure and processes)
49 Wincor Nixdorf US | January 2008 Encrypting PIN Pad (EPP) PCI PED 1.0 or higher (for all ATMs purchased after 1/1/2008) Securing the network keys (attack-proof memory area) Remote key management Cryptographic functions Security housing (tamper-responsive) Secure software update (direct or remote) Functions
50 Wincor Nixdorf US | January 2008 Remote Key Loading (RKL) ATM
51 Wincor Nixdorf US | January 2008 Key Loading….today vs. tomorrow Typical process today for master key input The master key is generated by the KMS/HSM, then printed out and distributed as two key halves Two employees each input one half of the key on the local ATM Disadvantages: Cost-intensive process Labor-intensive process Security: Key cracking / misuse / loss of key Manual key loading KMS/HSM (Key generation) Master key KMS: Key Management Systems HSM: Hardware Security Module TMK: Terminal Master Key
52 Wincor Nixdorf US | January 2008 Remote Key Loading The Master Key must be encrypted, with a unique Transport key per ATM (Terminal). Each ATM must have a unique identifier ! During the initial master key loading process, the host must be able to verify the data from the ATM and the ATM (EPP) must be able to verify the host data The first initial transport key must be injected in the ATM (EPP) in a secure way or secure environment Master Key
53 Wincor Nixdorf US | January 2008 Payment Card Industry Data Security Standard (DSS) - Requirements Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data 3. Protect stored cardholder data 4. Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program 5. Use and regularly update anti-virus software 6. Develop and maintain secure systems and applications
54 Wincor Nixdorf US | January 2008 Payment Card Industry Impact for Wincor Nixdorf Encrypting Pad (EPP) Security Hardware Firmware Encrypting PIN Security (Remote Key Load - RKL, Key Management) PCI Compliant Firmware PCI Compliant ATM Software: ProClassic (NDC/DDC/IFX) RKL Solutions: ProRKL & PT/E-RKL Data Security (operations, infrastructure and processes) Platform Security Agent (PSA) ProTect/One PT/E- HVPN