What are the challenges to the ATM industry in 2025?

Payments

Effectively responding to challenges in the ATM industry requires detailed analysis and planning, as well as a comprehensive execution strategy that includes robust testing tools.

May 27, 2025 by Anamaria Burnete — Digital Marketing Specialist, Paragon Application Systems

Despite dire predictions about the death of cash and the demise of ATMs, both remain vitally important components in the global financial ecosystem. In fact, the ongoing reduction in physical bank branches in some markets has caused a resurgence of sorts in ATM withdrawals and cash purchases.

For example, Nationwide, Britain’s biggest building society, has recently published data highlighting that ATM transactions and cash usage have risen for the third year in a row. And in Sweden, long an aggressive advocate of the cashless society, its central bank has recently cited several global risk factors as drivers to retain cash as a strategic component in its long-term monetary policies.

There can be no doubt that ATMs remain a vital and vibrant channel for the delivery of cash and other financial services to account holders across the globe. In order to maintain their relevancy and provide the availability, reliability, and security required by the marketplace, ATMs require ongoing maintenance and investment, with 2025 shaping up to be a busy year for fleet operators.

Along with changes introduced by the Payment Card Industry Data Security Council such as the requirement for TR31 and TR34 encryption protocols, several additional factors are impacting the ATM channel, including the sunset of Windows 10 and the rollout of Windows 11 IoT LTSCongoing issues with fraud and cybersecurity, new government mandated signage requirements, as well as the need to streamline ATM channel operations and reduce costs.

The following paragraphs provide an overview of several critical issues demanding attention within the ATM channel in 2025. Effectively responding to these challenges requires detailed analysis and planning, as well as a comprehensive execution strategy that includes robust testing tools.

PCI DSS compliance: TR 31 and TR 34

PCI DSS 4.0 includes a mandate requiring a more secure method of key management for ATMs. Specifically, the TR-31 standard which defines how encryption keys are arranged within a key block, became mandatory starting Jan. 1, 2025.

Additionally, organizations that utilize Remote Key Loading (RKL) to transfer the TR-31 keys from their processing host will need to implement the TR-34 transport protocol, which supports the secure generation and delivery of keys from the key management system to the ATM.

Important considerations:

• Fleet owners and operators must ensure all their ATMs support encrypting PIN Pads (EPPs) and related ATM software for the TR-31 key block standard.
• For organizations that also utilize RKL, TR-34 compliant hardware and software are also required. Older EPP models that do not support TR-34 will need to be upgraded.
• Organizations that have not yet completed this upgrade may run into issues with the availability of ATM hardware components and software support, as well as testing and certification conflicts and delays.
• Failure to comply with the PCI DSS standards can have significant negative consequences, including the need to take non-conforming ATMs offline.

Windows 10 LTSC end of life and the transition to Windows 11

Microsoft has previously announced that the current and final version (22H2) of Windows 10 Long-Term Servicing Channel (LTSC) will reach its end-of life on October 14, 2025. That means Microsoft will no longer provide critical security updates and patches, leaving ATMs running the legacy software vulnerable to malware, cyberattacks, and other security breaches – thereby exposing the ATM operator to significant financial risks.

The most logical response is to upgrade the ATMs to Windows 11 IoT LTSC This version of Windows is now in General Release (GA) from Microsoft and offers many valuable updates, as well as a predictable 10-year product lifecycle and support plan.

Important considerations:

• ATM operators will need to assess their estate to determine the number of machines running Windows 10 LTSC (and older versions of Windows) in order to fully determine the size and scope of the Windows 11 upgrade.
• A detailed upgrade plan should be developed to address not only the Windows software upgrade but also any hardware upgrades or replacements that will be required. (It should be anticipated that some older ATMs will not be compatible with Windows 11.)
• Comprehensive testing of the new OS, along with Windows 11-compliant ATM applications and upgraded machines, is necessary to ensure compatibility and stability before deploying this new environment into production.

Escalating ATM security threats

The ATM channel continues to be a target for increasingly sophisticated security threats, which can be broadly categorized into these main categories:

• Skimming: Criminals are employing advanced techniques, including deep-insert skimmers and pinhole cameras, to steal card data and PINs at ATMs.
• Physical attacks: ATM tampering and break-ins are on the rise. Criminals are also employing tactics like “jackpotting” to force ATMs to dispense cash.
• Cyber vulnerabilities: With a networked PC as a core, ATMs are highly susceptible to cyberattacks, including the introduction of malware designed to manipulate cash dispensers. Unsupported software and unpatched vulnerabilities are significant entry points for attackers that are commonly exploited.

These security threats can lead to significant financial losses for both consumers and the financial institution and its customers. Even a failed attack on an individual ATM can cost thousands of dollars to repair or replace. Additionally, cyberattacks that originate from ATMs can potentially compromise an entire financial network.

Important considerations:

• Implement a multi-layered fraud detection and prevention strategy that encompasses both physical ATM security and cyber defenses.
• Maintain up-to-date software and security patches on all ATMs.
• Regularly inspect ATMs for signs of tampering, including unusual attachments or loose components, deploy anti-skimming devices, and educate customers on how to avoid ATM skimming.
• Expand ATM testing capabilities to include use cases specifically designed to help with the ongoing detection and prevention of fraud.
• Consider advanced security solutions like AI-powered monitoring for anomaly detection and behavioral analysis in ATM lobbies.

New deposit insurance signage requirements (U.S. Only)

The Federal Deposit Insurance Corporation (FDIC) has issued new rules regarding digital signage on Insured Depository Institutions’ (IDIs) digital channels that accept deposits, including all ATMs.

While the requirement for displaying the new FDIC official digital signage on existing ATMs has been extended from May 1, 2025, to March 1, 2026, any deposit-taking ATMs put into service after May 1, 2025, must begin to display the new digital sign immediately.

Important considerations:

• The IDI must ensure the FDIC digital sign is clearly and conspicuously displayed on the ATM home screen and on each transaction screen related to deposits by March 1, 2026.
• For any new ATMs deployed after May 1, 2025, the new digital signage requirement is mandatory immediately.
• To further complicate matters, if the IDI offers non-deposit products at the ATM, specific disclosures about these products not being FDIC insured must be displayed clearly and continuously on the relevant transaction screens, but they must not conflict or interfere with the FDIC signage.

Advanced task automation for ATMs

As the financial services landscape evolves rapidly toward a Digital First future, there is increasing pressure to optimize the operational efficiency of the ATM channel to not only reduce costs, but also deliver the innovative new products and services that sophisticated consumers demand.

This need to optimize operations is driving a shift away from the manual legacy processes of the past toward advanced task automation.

ATM fleet operators that fail to embrace automation risk falling behind their competitors when it comes to delivering a superior customer experience, managing operational costs, and maintaining effective channel security.

Important considerations:

• Explore solutions that offer proactive monitoring of ATMs to predict and prevent issues like cash-outs.
• Deploy testing tools and simulators that utilize technologies like virtualization and automation to maximize operational efficiency.
• Utilize remote ATM management platforms for efficient incident resolution, software updates and overall fleet management.
• Leverage data analytics to gain insights into ATM usage patterns, customer behavior and potential security threats.
• Consider smart ATMs with features like video banking and remote assistance to enhance customer service, especially in areas with reduced branch presence.

By proactively addressing these critical issues now, fleet operators can ensure the compliance, efficiency, and security of their ATM channel for the remainder of 2025 and into the future.

With compliance deadlines spanning the next several years, 2025 is the perfect year to overhaul self-service channels and embrace a proactive, strategic approach to modernization.

About Anamaria Burnete

---