|
DFR Risk Management ATM PIN-Compromise Check List (APC-)
External PIN-Compromise Devices
| Camera Location & Packaging |
|
Keyboard
|
|
In light diffuser / light panel
|
SC1
|
|
Exact-size keyboard overlay
|
KB1
|
|
|
In leaflet box
|
SC2
|
|
Shelf / full-panel keyboard overlay
|
KB2
|
|
|
In false panel above PIN pad
|
SC3
|
|
False-front covering larger area
|
KB3
|
|
|
In false panel right of PIN pad
|
SC4
|
|
|
|
|
|
In false panel left of PIN pad
|
SC5
|
|
Other
|
KB0
|
|
|
In safety mirror
|
SC6
|
|
|
|
|
|
In sun / rain canopy
|
SC7
|
|
Surveillance
|
|
Integrated with skimmer
|
SC8
|
|
Shoulder surfing - covert
|
SV1
|
|
|
|
|
|
Shoulder surfing – assist victim
|
SV2
|
|
|
Other
|
SC0
|
|
Long-range lens / telescope
|
SV3
|
|
|
|
|
|
Mirror
|
SV4
|
|
|
Camera Type
|
Coloured dust
|
SV5
|
|
|
Spy camera
|
TC1
|
|
|
Advertising panel reflection
|
SV6
|
|
|
Cell phone camera
|
TC2
|
|
|
|
|
|
|
Video camera
|
TC3
|
|
|
|
|
|
|
Other
|
TC0
|
|
|
Other
|
SV0
|
|
Internal PIN-Compromise Devices
| Internal Compromise of Modules |
|
Internal Compromise of ATM System
|
|
ATM integrated security camera tap
|
IP1
|
|
Internal communications tap
|
IS1
|
|
|
Internal keyboard tap
|
IP2
|
|
Software / Malware / Trojan
|
IS2
|
|
|
|
|
|
|
|
|
|
Other
|
IP0
|
|
Other
|
IS0
|
|
Remote & Secondary PIN-Compromise Devices
| Remote Cameras |
|
Remote Keyboards
|
|
ATM location CCTV
|
RC1
|
|
Door-entry keyboard
|
RK1
|
|
|
ATM location spy camera
|
RC2
|
|
PIN-activation / validation keyboard
|
RK2
|
|
|
|
|
|
Stand-alone terminal
|
RK3
|
|
|
Other
|
RC0
|
|
Other
|
RK0
|
|
Attachment Method & Power Source
| Attachment Method |
|
Power Source
|
|
Adhesive tape
|
AM1
|
|
Integrated non-rechargeable batteries
|
PS1
|
|
|
Glue
|
AM2
|
|
Integrated rechargeable batteries
|
PS2
|
|
|
Screw / bolt
|
AM3
|
|
Separate battery pack
|
PS3
|
|
|
Friction fit
|
AM4
|
|
From ATM power
|
PS4
|
|
|
Weld / fuse
|
AM5
|
|
From other constant power source
|
PS5
|
|
|
Other
|
AM0
|
|
Other
|
PS0
|
|
Storage Capability, Communication & Download Capability
| Storage |
|
Communications & Download
|
|
None
|
ST1
|
|
None
|
CD1
|
|
|
Local integrated chip
|
ST2
|
|
Socket / USB
|
CD2
|
|
|
Local data / SD card
|
ST3
|
|
Analogue RF
|
CD3
|
|
|
MP3 / MP4 or equivalent recorder
|
ST4
|
|
Bluetooth
|
CD4
|
|
|
Cell phone camera storage
|
ST5
|
|
Wi-Fi (802.11)
|
CD5
|
|
|
|
|
|
SMS / MMS / Text
|
CD6
|
|
|
|
|
|
GSM / Data
|
CD7
|
|
|
|
|
|
Digital RF (non-specific)
|
CD8
|
|
|
Other
|
ST0
|
|
Other
|
CD0
|
|
Activation & Encryption
| Activation |
|
Encryption
|
|
Always on (switched)
|
AC1
|
|
None
|
EC1
|
|
|
Proximity detector
|
AC2
|
|
AES
|
EC2
|
|
|
Remote control
|
AC3
|
|
DES
|
EC3
|
|
|
Card / transaction activated
|
AC4
|
|
3DES
|
EC4
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Other
|
AC0
|
|
Other
|
EC0
|
|
Additional Features, Capacity & Endurance
| Features |
|
Capacity & Endurance
|
|
Integrated skimmer
|
FP1
|
|
Maximum endurance from power supply
|
|
|
|
Receiver for skimming device
|
FP2
|
|
Maximum number of PIN data stored
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Other
|
FP0
|
|
Other
|
|
|
|
