What ATM Deployers and Financial Institutions Need to Know About Upcoming PCI Mandates & More

By Maya Fuentes

Whether you own and operate ATMs or manage a financial institution, we all have one thing in common – the headache of ongoing ATM updates. While it would be great if we could avoid the additional costs, time, and energy that go into keeping our fleets up to date, the nature of technology has three inescapable facts:

  1. Consumers rely on ATMs.
  2. Financial and technology equipment, by their nature, are a target for criminal activity.
  3. ATMs must be kept safe for consumer use.

Unfortunately, criminals are always working to find new ways to gain access to consumer information in order to steal money. And, as operators of consumer-facing financial equipment, ATM deployers and financial institutions must take appropriate steps to protect ATM users.

Not implementing appropriate security measures puts customer data and their money at risk. This is especially true of machines that still run outdated operating systems, have exposed external access points, or use outdated PIN pads. All these situations make machines an easier target for hackers.

With all the changes coming to ATMs (software and ATM lines being discontinued, PCI compliance, and the end of support for Microsoft Windows 10 in mid-October 2025), both financial institutions and ATM deployers should take notice – and action.

First, to Take the Edge Off

NCR’s Edge is the first to go. The company has announced it is ending support of their software at the close of 2023 and replacing it with Activate Enterprise. If that isn’t enough, financial institutions also need to worry about replacing NCR SelfServ 30 series machines. These popular ATMs and ITMs, first launched in 2008, are being phased out as of the end of 2024.

That’s right, both the software AND the hardware associated with the popular NCR ATM line will be out of date as of December 31, 2024. And while Diebold has already upgraded their software, their popular line of Opteva ATMs, launched in 2003, is also reaching end of life on the same date. 

Both Diebold and NCR picked a surprisingly advantageous time to sunset some key equipment in their line-ups. You see, we’re all going to have to either update or replace those ATMs and ITMs anyway.

PCI Requirements Hitting Hard

New mandates from the Payment Card Industry Security Standards Council (PCI) require a significant upgrade to ATM PIN pads and data encryption – effective December 31, 2024 for hardware, and January 1, 2025 for software and firmware.

The new PIN pads must use TR-31 Phase 3 key blocks to offer better security for data infrastructure and the protection of personal identification numbers (PINs). The end goal of this upgrade is, of course, to make it harder for hackers to exploit weaknesses in the encryption of payment data.

Most new machines are already equipped with the latest PIN pad technology and software. However, like every other ATM upgrade, there are older machines that will need hardware or software upgrades – or both. And then there are the models that are simply beyond the capability of supporting the latest update and must be replaced.

What To Do Now?

As we all know, there are two major factors for both ATM deployers and financial institutions in managing an ATM upgrade of this caliber – planning and resources. But neither of these items needs to be an obstacle in ensuring the safety of consumers or your business. There are options available to ease the burden of this as well as future upgrades… because we all know they’re coming.

Banks and credit unions that are sick and tired of spending time and money on seemingly endless ATM operational concerns (PLUS upgrades) might benefit from an outsourcing program. This solution leverages a single, trusted ATM deployer partner to take over the compliance, operations, and day-to-day management of one or more machines. This way, the burden of capital expense, uptime, and, of course, upgrades falls on the shoulders of a known vendor partner – and not on the budget and time of the financial institution.

But ATM deployers don’t have to go it alone in the perpetual upgrade cycle, either. There are larger industry partners ready and willing to work with independent operators for the future success of their business. These companies offer a variety of benefits, including access to better, more leveraged pricing; a larger impact in negotiation with vendor partners as well as potential retail or financial locations; and access to a wider-ranging, more robust service organization.

Ensuring ATMs offer reliable and safe financial access to consumers can be a heavy burden. Certainly, ongoing updates, upgrades, and mandates make it a chore. But neither financial institutions nor ATM deployers have to carry the burden alone. Even in the face of these quickly approaching changes, there are opportunities to improve operations, budget, and the bottom line.

With a myriad of changes coming to ATMs including PCI compliance, ATM deployers and financial institutions don’t have to go it alone. Paramount offers ATM outsourcing and managed services for banks and credit unions, and a robust partnering program for independent ATM deployers.

About Maya Fuentes – With more than two decades of executive-level sales and operations experience in the payment processing arena, Maya currently serves as Senior Vice President, Sales and Marketing with Paramount Management Group. In her current position, she is an integral part of the executive management team, manages the company’s sales and marketing efforts, and specializes in mergers and acquisitions. Connect with Maya via email or through LinkedIn.