Under Lock and Key

Under Lock and Key

The interactive self-service kiosk has become a valuable, steadily growing commercial and informational tool since the launch of the first banking ATM in the 1980s. It is an essential part of our modern-day digital landscape.

Due to advances in broadband networks and touchscreen technologies, kiosk-based transactions have evolved from ATMs, vending machines and self-service fuel dispensers. They include a host of new applications, including everything from remote merchandise pickup and parcel exchange to digital ordering kiosks and gaming systems, such as lottery sales and electronic slot machines.

All have several factors in common. They are automated systems that feature expensive equipment and are located in a wide range of often unattended sites. They can store valuable products, give access to valuable services and —crucially— incorporate technology to capture personal and financial information in order to facilitate transactions. They are also connected to corporate transaction networks, which can make them points of entry to hackers. In addition, many of these self-service kiosks can receive or dispense money.

Given these factors, kiosk designers, builders and end users need to make a critical assessment of how these systems are secured. Whether located indoors or outdoors, stand-alone kiosks include several features that need to be considered when selecting a security solution:

  • These kiosks enclose and protect critical equipment — touchscreens, processors, credit card readers and technology that connects to either the internet or proprietary corporate networks.
  • They need to be accessed on a routine basis by consumers as well as a variety of staff performing maintenance, restocking products or updating items secured in the enclosure.
  • These kiosks use high-end industrial design, including large touchscreen interfaces, branding elements and fine design touches to appeal to targeted user settings, such as hotel lobbies, airport terminals and retail locations.

Electronic Access Solutions (EAS) that incorporate electronic locking and access control devices offer a proven and easy way to add physical security to self-service kiosks without interrupting industrial design. These electronic access solutions can serve as stand-alone access control devices, or they can be connected to a network for remote access control.

Most importantly, EAS platforms let the operators of unattended kiosks remotely manage access in real time by controlling and tracking who accesses the enclosures, when and for how long.

Expanding Risks and Regulations

Controlling access to standalone kiosks, particularly those connected to networks and equipped with data capture capabilities, is a critical necessity for the industry. The risks of cybercrime continue to grow: In 2019, the global average cost of a data breach is $3.9 million. In the United States alone, the average total cost of a data breach has grown from $3.54 million in 2006 to $8.19 million in 2019, a 130 percent increase over 14 years.1

Stand-alone kiosks represent a significant point of risk for theft and cybercrime. The risk factor grows as kiosk applications and technology become more sophisticated. Access to the internal systems within the kiosk could not only lead to theft of expensive electronics, displays, batteries and copper, but also to the theft of person’s payment information through the manipulation of internal control systems.

Regulatory bodies are placing a stronger emphasis on data protection, making it essential that businesses deploying stand-alone kiosks take necessary steps to ensure that their security administration meets industry standards. Organizations that fail to fully comply with current data regulations face significant consequences.

For example, the Payment Card Industry Data Security Standard (PCI DSS) is regarded as one of the more significant data protection standards in the IT industry today. PCI DSS is designed to protect the personal payment card data of consumers and sets access control requirements for the entities that secure their information. The regulation calls for monitoring and tracking staff who might have physical access to data or systems that house cardholder data.

Recent updates to the General Data Protection Regulation (GDPR) put even stiffer requirements on personal data protection, and the fines for noncompliance are even more substantial. These requirements create a powerful incentive for kiosk operators to consider the value of upgrading their kiosk access from standard mechanical keys to electronic access solutions to appropriately control and monitor access.

EAS Provides Intelligent Security

Until recently, a large proportion of distributed kiosks have used lock-and-key mechanisms to provide access control and physical security. These mechanical lock-and-key-based solutions make it difficult, if not impossible, to track who has which key and when they have been used (or misused) to access a piece of equipment.

Electronic-locking technology with digital credentials, remote monitoring and concealed locking hardware provides a more robust form of physical security and access control. It also provides a higher level of deterrence to vandals and thieves who try to steal kiosk equipment, merchandise, credit card data or cash.

An electronic-access solution combines three integral elements into one cohesive security system. A complete solution includes a credential with corresponding user interface, a control system and an intelligent electromechanical lock or latch.

The credential/user interface, such as a PIN/digital keypad, RFID card and reader, or Bluetooth device and reader provides the digital “key” which is transmitted to the associated user interface. The credential’s electronic data is then sent to the controller that validates the credential. If the user credential is valid, the controller then signals the intelligent latch to lock or unlock the desired kiosk door.

Upon actuation, a digital record of activity can be created and archived for future audit trail reporting. If desired, the record can be instantly transmitted via existing network connections built into the kiosk—one more digital record among many that the kiosk is already equipped to communicate across the network to which it is connected.

With significant legacy deployments, it is important to look for solutions that can easily integrate with existing infrastructure. For example, solutions exist today that can replace or be combined with, existing mechanical hardware and connected to existing onboard computers and controllers. In this case, the existing user interface built into the kiosk can be used as the input device for controlling access to the equipment.

There are five main criteria that kiosk designers and end users should assess when considering the value of using EAS.

Compliance. EAS provides the increased level of security and access tracking that is called for by both the PCI DSS and GDPR. These include strong access control measures, such as assigning a unique ID to each person who could potentially access cardholder data, and the ability to monitor and record access over time for audit trail purposes.

Ease of integration. Since most stand-alone kiosks already possess onboard digital systems and network connections that require service staff to provide passwords and other credentials, with the right solutions, adding EAS technology can be done inexpensively and seamlessly.

Service staff access. If there are multiple service staff who need to access that piece of equipment, managing and distributing mechanical keys can be time consuming and present ongoing security risks.

Remote access support. If an emergency or time-sensitive situation arises where service staff needs to access the kiosk quickly, getting them the physical key for the mechanical lock can be problematic. EAS systems can support remote access, for example by sending a time based digital key to the service person’s smartphone for immediate access.

Aesthetics. Many kiosks are designed to be eye catching and distinctive — and the presence of a mechanical lock can detract from that designed appeal. Electronic locks can be easily concealed and integrated into kiosk access panel designs. This also adds to the physical security by concealing potential attack points.

Electronic Access for Different User Needs

Today’s kiosks and self-service equipment often need more than one type of electronic access solution to achieve the required level of access control. For example, a kiosk that rents chargers for electronic devices controls the renter’s access through a user interface, such as a credit card reader or mobile device. The user interface is connected to a controller that routes the signal to the appropriate compartment lock.

Repair technicians and inventory managers have different access requirements. Remote kiosks need to be accessed to restock products or refill cash repositories, as well as for routine maintenance and technician access when repairs are needed. Access must be managed and tracked to maintain the physical integrity of the kiosk and its contents. Owners may want to limit access by service staff to specific areas of the kiosk. With electronic access solutions, operators can remotely issue service technicians timebased electronic credentials for specific compartments.

Another rapidly emerging application that EAS can help support is industrial vending systems. This is a relatively new standalone kiosk concept that is being developed for manufacturing facilities to help improve their supply chain efficiencies and lean operations.

Suppliers of components or materials for assembly will position self-service kiosks on factory floors fully stocked with the materials needed for manufacturing or assembly operations. The manufacturing staff access the kiosk using RFID or other access devices to remove parts or tools as needed. EAS provides the access control and tracking so that staff only access the materials they need for the specific task or production process they are assigned to.

Through EAS, both the manufacturer and the distributor or supplier gain access to real-time data about production, material usage, tool usage and other information. The manufacturer can track what parts or materials were withdrawn from the kiosk and assign cost tracking to each finished product. The supplier can incorporate the EAS data to efficiently manage inventory replenishment so that only the parts or materials needed are on hand when the manufacturer needs them for operation.

A Word About Design

Display and self-service kiosks use a full range of industrial design techniques to create distinctive, branded units with immediate visual appeal to the audiences they target. Unfortunately, it is often the case that locking mechanisms required to secure these kiosks aren’t addressed until late in the design process.

That desired appeal — the quintessential “high-tech” presence — can be compromised when the locks chosen do not match the overall aesthetic or the locking devices incorporated into the design fail to operate effectively over the long-term which can ultimately cause quality issues and negative customer experiences.

Self-service equipment manufacturers can avoid these issues by making locking and access hardware selection a key part of the design process early on. Southco has decades of experience with engineering both mechanical and electronic access hardware solutions to meet additional industrial design requirements. Solutions exist today that can be adapted to work with existing electronic systems to integrate smoothly into the kiosk’s design.

Looking Towards the Future

As stand-alone kiosks expand into new applications and incorporate more sophisticated technologies, ensuring that this equipment provides intuitive end user access while maintaining physical security must become a fundamental part of kiosk design. By incorporating electronic access solutions into kiosk designs early on, manufacturers can save time and resources while satisfying the physical security requirements and aesthetics of the overall design.

For operators of stand-alone kiosks who must remotely manage routine access and maintenance, EAS provides a realtime solution for controlling and tracking to whom, when and for how long access is granted, protecting valuable self-service equipment and its contents from the risk of theft. Digital, interactive stand-alone kiosks provide an useful tool that millions of people use and appreciate each day — and by making sure they are safe and secure, their appeal and value will continue to grow.

This article originally appeared in the January / February 2020 issue of Security Today.

Featured

Featured Cybersecurity

Webinars

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3