Project (Project experience). Tinkoff Bank
Information security provision within a network of ATMs and payment terminals.
Aims and purposes
Integration of a modern ATM and payment terminal software security system into a large scale self-service device network. Providing effective protection from external and internal threats coupled with transparency and simplicity of security system management.
Tinkoff Bank, which is among top 20 largest banks of Russia and has an extensive network of self-service devices with over 1,300 ATMs and payment terminals. The bank is a leader in terms of remote services and they actively develop their network of innovative self-service devices as a new channel for providing modern financial services.
- The product allows efficient protection of ATM and payment terminal software from all types of malware, non-sanctioned changes, and access to data. Efficiency of this solution has been proved by multiple penetration tests performed with participation of leading companies in the sphere of critical infrastructure security testing.
- The protection measures we implemented provided compliance with requirements of the Bank of Russia (Statute†382-P) and PCI DSS requirements.
- In collaboration with Tinkoff Bank experts, we implemented new functions of SoftControl TPSecure. Among other things, we created the new module for encryption of ATM's hard disk. The module accounts for operating specifics of self-service devices: the key for decryption of the disk is bound to hardware characteristics of peripheral and system devices of the ATM and is not stored in TPM of the motherboard. This allows trusted computing of a self-service device without affecting operation of special electronics.
Used solution / product
Print this page