products or updating items secured in the enclosure.
• These kiosks use high-end industrial design, including large touchscreen interfaces, branding elements and fine design touches to appeal to targeted user settings, such as hotel lob-
bies, airport terminals and retail locations.
Electronic Access Solutions (EAS) that incorporate electronic locking and access control devices offer a proven and easy way to add physical security to self-service kiosks without interrupting industrial design. These electronic access solutions can serve as stand-alone access control devices, or they can be connected to a network for remote access control.
Most importantly, EAS platforms let the operators of unat- tended kiosks remotely manage access in real time by controlling and tracking who accesses the enclosures, when and for how long.
Expanding Risks and Regulations
Controlling access to standalone kiosks, particularly those con- nected to networks and equipped with data capture capabilities, is a critical necessity for the industry. The risks of cybercrime con- tinue to grow: In 2019, the global average cost of a data breach is $3.9 million. In the United States alone, the average total cost of a data breach has grown from $3.54 million in 2006 to $8.19 million in 2019, a 130 percent increase over 14 years.1
Stand-alone kiosks represent a significant point of risk for theft and cybercrime. The risk factor grows as kiosk applications and technology become more sophisticated. Access to the inter- nal systems within the kiosk could not only lead to theft of ex- pensive electronics, displays, batteries and copper, but also to the
theft of person’s payment information through the manipulation of internal control systems.
Regulatory bodies are placing a stronger emphasis on data pro- tection, making it essential that businesses deploying stand-alone kiosks take necessary steps to ensure that their security administra- tion meets industry standards. Organizations that fail to fully com- ply with current data regulations face significant consequences.
For example, the Payment Card Industry Data Security Stan- dard (PCI DSS) is regarded as one of the more significant data protection standards in the IT industry today. PCI DSS is de- signed to protect the personal payment card data of consumers and sets access control requirements for the entities that secure their information. The regulation calls for monitoring and track- ing staff who might have physical access to data or systems that house cardholder data.
Recent updates to the General Data Protection Regulation (GDPR) put even stiffer requirements on personal data protec- tion, and the fines for noncompliance are even more substantial. These requirements create a powerful incentive for kiosk opera- tors to consider the value of upgrading their kiosk access from standard mechanical keys to electronic access solutions to appro- priately control and monitor access.
EAS Provides Intelligent Security
Until recently, a large proportion of distributed kiosks have used lock-and-key mechanisms to provide access control and physical security. These mechanical lock-and-key-based solutions make it difficult, if not impossible, to track who has which key and when they have been used (or misused) to access a piece of equipment.
Electronic-locking technology with digital credentials, remote monitoring and concealed locking hardware provides a more ro- bust form of physical security and access control. It also provides a higher level of deterrence to vandals and thieves who try to steal kiosk equipment, merchandise, credit card data or cash.
An electronic-access solution combines three integral elements into one cohesive security system. A complete solution includes a credential with corresponding user interface, a control system and an intelligent electromechanical lock or latch.
The credential/user interface, such as a PIN/digital keypad, RFID card and reader, or Bluetooth device and reader provides the digital “key” which is transmitted to the associated user inter- face. The credential’s electronic data is then sent to the controller that validates the credential. If the user credential is valid, the controller then signals the intelligent latch to lock or unlock the desired kiosk door.
Upon actuation, a digital record of activity can be created and archived for future audit trail reporting. If desired, the record can be instantly transmitted via existing network connections built into the kiosk—one more digital record among many that the kiosk is already equipped to communicate across the network to which it is connected.
With significant legacy deployments, it is important to look for solutions that can easily integrate with existing infrastructure. For example, solutions exist today that can replace or be com- bined with, existing mechanical hardware and connected to exist- ing onboard computers and controllers. In this case, the existing user interface built into the kiosk can be used as the input device for controlling access to the equipment.
There are five main criteria that kiosk designers and end users
32
JANUARY/FEBRUARY 2020 | SECURITY TODAY
BANKING SECURITY
Smile Studio AP/Shutterstock.com