What do new PCI mandates mean for banks, ATMs?

Nowadays, it seems ATMs are always in need of an upgrade. Financial institutions, especially, are hit hard with regular software upgrades in addition to mandates and security requirements. Even worse, every update kills off a few more long-standing models.

This year alone, NCR Corp. has announced the end of life of its Edge software. Similarly, NCR 663X series hardware and Diebold Nixdorf's Opteva models will sunset at the end of 2024. If that wasn't enough to have many banks and credit unions concerned, new ATM standards for Payment Card Industry (PCI) compliance will also take effect beginning Dec. 31, 2024.

What PCI updates?

The PCI Security Standards Council recently released new ATM PIN pads and data encryption mandates. The latest, most secure encrypting pin pad (EPP) must be installed on terminals capable of being upgraded by Dec. 31, 2024.

In addition to the pin pad requirement, there is also the issue of updating firmware and software to use the TR31 Phase 3 key blocks. This new key block encryption has been designed to provide a higher level of security for personal identification numbers (PINs) and data infrastructure. This additional security protects the cryptography of the payment data, effectively giving hackers a more challenging time exploiting weakness.

What happens if ATMs aren't updated?

For the safety of account holders, machines that can't handle the new pin pad or software need to be replaced. Any ATMs that haven't been updated after the final deadline (Jan. 1, 2025) risk losing the ability to process transactions, depending on the processor with whom they are partnered. In the worst-case scenario, some or all of your institution's machines will lose the ability to perform even the most basic transactions.

Unfortunately, consumers can be ridiculously fickle regarding their financial institution experience. One bad interaction can significantly impact a current or potential account holder's impression of the service they can expect from your bank or credit union. So, even if you are relatively confident your processor will provide some grace in your upgrade timeline, it is best to make a plan now to ensure your machines are entirely up to date.

What does this mean for financial institutions?

Unfortunately, these upgrades mean throwing even more money into maintaining your ATM channel. Institutions with older machines are likely to need brand-new machines. But even those with newer ATMs might have to purchase a new pin pad or upgrade software. And if it's not the expense for physical equipment, it's the time, energy, and money spent to work with multiple vendors and schedule technician site visits.

Fortunately, there are companies that specialize in ATM outsourcing that can help banks and credit unions better navigate the upcoming PCI mandates… and any future upgrades, too.

How can outsourcing help?

Rather than investing more time and capital, an ATM partner can take over the equipment, software, and daily operations of the financial institution's ATMs. In doing so, they also take over the compliance and responsibility for those ATMs.

In addition to taking over compliance, ATM operators leverage their dedicated attention, industry partnerships, and more extensive ATM network to offer excellent uptimes and consumer experiences.