Self-Service Terminals (SSTs), such as Automated Teller Machines (ATMs), generally include a personal computer (PC) at their core that control the SST operations. Such operations include communication with backend systems, receiving data and physical item input, and outputting data and physical items such as currency, receipts, and the like during the course of an SST transaction. Input to and output from an SST is typically received and output via SST peripheral devices, such as cash dispensers, Personal Identification Number (PIN) Pads, and the like.
Internal SST communications between the PC and the peripheral devices has very little authentication and security. This can result in the SST being vulnerable to malware, which, from a device perspective, impersonates the SST PC application or platform. The malware may force the peripheral devices to perform sensitive actions that have not been authorized, such as dispensing cash, vouchers, postage stamps, and the like.