Security Restricting Bank ATM Options
By William A. Brown
The right of financial institutions to choose their own ATM service providers is now seriously under threat. Leading ATM manufacturers are taking advantage of Triple DES upgrade requirements to restrict access by other service companies.
“Triple DES” stands for Triple Data Encryption Standard. Visa and MasterCard are requiring all ATMs that touch their network to have this security upgrade. Basically, the upgrade involves replacing the existing keyboard with a keyboard that triple encrypts the entry.
ATM manufacturers restrict access and retain exclusive servicing rights to their products by adding special passwords necessary for diagnostic work. The passwords are periodically changed and the manufacturers refuse to release them to anyone except their own employees unless an annual fee is paid to the manufacturer. They further retain exclusive servicing rights by withholding backup copies of operating software.
Typically customers are not even warned in advance of these restrictions, but discover later that the manufacturer has taken control of maintaining all upgraded ATMs based upon so-called “proprietary software or intellectual property rights.”
“This is already affecting many of our clients and is a bold attempt by the manufacturers to unfairly restrict competition,” said Mark Pifer, president of E. A. Pifer Financial Systems Inc., an independent servicer.
Potentially this practice – if not stopped now – could logically expand to include all software-dependent equipment, such as bank alarm, video, keyless safe deposit and drive-up systems.
Do you remember when ATM maintenance contracts were $3,000 to $4,000 a year? As soon as third-party access became an option, that expense dropped by an average of $1,000 to $2,000 per ATM and quality improved.
If manufacturers are successful in eliminating third-party competition, such as provided by Pifer’s company and other reputable third-party servicers, service costs are sure to skyrocket again.
A competitive marketplace best serves New Jersey banks. Accordingly, bankers need to protect their ability to select whomever they wish to service their ATMs.
That is why the Financial Service Providers Association makes the following recommendations. Before making an ATM purchase or ATM upgrade investment that can seriously impact your long-term service budget, protect your bank by being certain to:
• Specify your acceptable post-warranty service terms with the utmost clarity;
• Obtain a written commitment from the manufacturer to support any service vendor you select by providing all necessary parts and information;
• Insist that your software contains no passwords to prevent service by your chosen maintenance company; and
• Obtain a backup copy of your software at the time of installation.
Bankers should also be aware that the dominant ATM manufacturers are not the only Triple DES-capable and network-certified ATM providers. In these cost-conscious times it is necessary to explore the various ATM and other equipment options that enable your bank to remain in charge of hardware and service-related decisions.
By reviewing a list of vendors affiliated with NJBankers, bankers will be provided with choices rather than restrictions and be able to reap the benefits of a free market system.
William A. Brown is president of Business Development Services, a consulting firm to the banking industry. He can be reached at firstname.lastname@example.org.