Triton Systems ATM Security

Triton understands how incredibly important security is to your business, so we make it our business to ensure that Triton ATMs have the best security possible. Increased risks make it difficult for the industry to stay ahead of the criminal element. Therefore, we’d like to take a moment to review our on-going commitment to keeping Triton ATMs safe.

  • Triton ATMs currently run a proprietary, locked down version of Microsoft Windows CE 5.0, 6.0, or Compact 7.  The operating system is customized to add additional security beyond what is provided by Microsoft.
  • Triton ATMs are locked down by not providing any access to the OS or internal storage except through our ATM software interface.  Software can only be installed by loading a software update which must be digitally signed by Triton.
  • Triton ATMs use the Windows CE “Trusted Environment” to verify the authenticity of all software.  Every component is signed with Triton’s private key, and the operating system must verify that signature before the component executes.  In this manner the ATM is protected from executing software not created or approved by Triton.
  • All system tools that an attacker might use to access or manipulate the system have been removed from the operating system, including File Explorer, Windows Desktop, Internet Explorer, Command Shell, ActiveSync, and Remote Desktop.
  • Triton regularly monitors all security updates provided by Microsoft.  To date, Triton has never had to install a Microsoft provided update for any security reason.  Triton will continue to monitor our ATMs for security issues beyond support by Microsoft and provide updates as long as feasible.
  • In the event a security issue is identified on an operating system that is no longer supported by Microsoft and cannot be addressed by Triton, an upgrade path to a newer operating system version will be provided.  This upgrade could include a hardware upgrade as well.  Costs for any hardware/software updates will be determined at that time.

Please also see the following links for more information about the security of Triton ATMs and operating system support.

Malware and Jackpotting

Two lines of defense prevent unauthorized software from making its way onto Triton ATMs.

Both lines of defense use the same technique, namely the ATM verifies that the software has been digitally signed by Triton using Triton's private key. If the digital signature is incorrect, then the ATM does not accept the software. This ensures that only legitimate software, authorized by Triton, can run on the ATM.

1. A load file is a new file that is to be loaded onto the ATM. When a software update is installed, the ATM verifies the load file's signature, and only proceeds with the installation if the signature is correct.

2. The ATM uses the Microsoft Windows CE operating system's Trusted Environment which verifies the signature of every program before it is allowed to run.

An attacker cannot generate a correct signature, because only Triton holds Triton's private key. Thus, malware cannot be imported into the ATM because the encapsulating load file's signature would be incorrect. And malware cannot run on the ATM because Windows CE's Trusted Environment would not execute a program whose signature is incorrect.
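
The check described above, reduced to its core as an added example (not Triton's code or load-file format): a device that holds only a public key accepts an update when the detached signature verifies and rejects it otherwise. RSA with SHA-256 through the `openssl` command line, the file names and the `install_if_signed` helper are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added illustration: key type, hash and file names are assumptions,
# not Triton's actual load-file format.

# verify_load_file PUBKEY FILE SIG -> exit 0 only if SIG is a valid signature over FILE
verify_load_file() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# install_if_signed PUBKEY FILE SIG -> prints the decision an updater would take
install_if_signed() {
    if verify_load_file "$1" "$2" "$3"; then echo "install"; else echo "reject"; fi
}

demo_load_file_check() {
    d=$(mktemp -d) || return 2
    # Vendor key pair: the private half signs releases,
    # only the public half needs to exist on the device.
    openssl genrsa -out "$d/vendor.key" 2048 2>/dev/null
    openssl rsa -in "$d/vendor.key" -pubout -out "$d/vendor.pub" 2>/dev/null
    # A key pair the vendor does not control.
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null

    # Constructed sample payload, signed by the vendor key.
    printf 'constructed update payload v1\n' > "$d/update.bin"
    openssl dgst -sha256 -sign "$d/vendor.key" -out "$d/update.sig" "$d/update.bin"

    # Case 1: untouched file with the vendor's signature.
    r1=$(install_if_signed "$d/vendor.pub" "$d/update.bin" "$d/update.sig")
    # Case 2: file changed after signing, original signature reused.
    cp "$d/update.bin" "$d/modified.bin"
    printf 'x' >> "$d/modified.bin"
    r2=$(install_if_signed "$d/vendor.pub" "$d/modified.bin" "$d/update.sig")
    # Case 3: changed file re-signed with a key other than the vendor's.
    openssl dgst -sha256 -sign "$d/other.key" -out "$d/other.sig" "$d/modified.bin"
    r3=$(install_if_signed "$d/vendor.pub" "$d/modified.bin" "$d/other.sig")

    rm -rf "$d"
    echo "genuine=$r1 modified=$r2 foreign-key=$r3"
}

demo_load_file_check
```

Only the first case is installed; a valid signature made with any other private key is rejected just like a missing one.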


Triton's ATMs include a firewall to block unwanted communications on the ATM's TCP/IP connection. The firewall defends against malicious attempts to remotely access the ATM. It also helps the ATM to pass a PCI DSS vulnerability scan. You can verify the settings for firewall in the management functions.

If your Triton is running Windows CE 5.0, 6.0 or 7.0 the firewall function is supported on all other models, there is an upgrade kit available on

Software and Security Updates

The first thing you should check during your security review of your ATM fleet is your current software version. Triton periodically releases new software versions for all of our ATM models that include feature enhancements, as well as vital security updates to protect your investment. They are easily found on our partner site; just follow the instructions. If you have Triton Connect, you can update software remotely.


MAC stands for Message Authentication Code, which provides a method to be certain that messages between the ATM and the host are authentic and unmodified, thus preventing man-in-the-middle attacks and bogus hosts or ATMs. The first step is to contact your Host/Processor to verify if they support MACing. The Host/Processor will provide MAC Master Keys that must be loaded at the ATM just like PIN Master Keys are loaded. A Key Download is performed at the ATM and MAC Working Keys are sent from the Host/Processor to the ATM. The Host/Processor can then enable MACing.

No processor in the US currently supports MACing to our knowledge.

Secure Socket Layer (SSL)

Like MACing, SSL also provides a method for the ATM to authenticate the host, and additionally provides encryption and integrity between the Host and the ATM connected via TCP/IP (either hard wired, or with a wireless communication box). You will need Triton software version 2.4.0 or later for the ATM to be SSL capable. The Host/Processor will provide you with configuration information to allow you to set up your ATM to communicate over SSL with their network. Additional certificate updates may need to be loaded on the ATM because of Triton’s validation of certificate authority and dates (confirm with your host processor).

If the ATM does not verify that the certificate was issued by a trusted authority, then the ATM does not authenticate the host, and an attacker can insert themselves between the ATM and the host as a man-in-the-middle, or the attacker can stand in as a fake host. Unbeknownst to the card-holder, the attacker can eavesdrop on all communications, for example capturing the card’s track-2 data. And if no other authentication technique is employed (such as MACing), the attacker can also modify the communications, such as changing the transaction’s dollar amount or converting a declined result to approved. It cannot be argued that there is no risk of an attacker inserting themselves; that is why SSL is being used in the first place. The very use of SSL is an admission of the risk of a malicious interloper.

Anyone can generate their own certificate, containing any arbitrary data. It takes just a few seconds using the free software OpenSSL. If an ATM does not verify that the certificate was issued by a trusted authority, then the ATM cannot differentiate an attacker’s bogus certificate from a host’s legitimate certificate.
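
An added example, not part of Triton's software, of why the issuer check matters: two certificates with the same subject, one issued by a trusted authority and one self-signed, cannot be told apart by name, and only verification against the trusted CA separates them. The CA name, the host name and the helper functions are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration: the CA and host names are constructed placeholders.

# issued_by_trusted_ca CA_BUNDLE CERT -> exit 0 only if CERT chains to a CA in the bundle
issued_by_trusted_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# subject_of CERT -> prints the certificate's subject line
subject_of() {
    openssl x509 -in "$1" -noout -subject
}

demo_issuer_check() {
    d=$(mktemp -d) || return 2
    # Trust anchor: stands in for the authority the client is configured to trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Trusted CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    # Host certificate issued (signed) by that authority.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=host.example.test" \
        -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null
    openssl x509 -req -in "$d/host.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/host.pem" 2>/dev/null
    # Self-signed certificate carrying the same subject but no trusted issuer.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=host.example.test" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null

    # The subject alone does not tell the two certificates apart ...
    if [ "$(subject_of "$d/host.pem")" = "$(subject_of "$d/self.pem")" ]; then
        same=yes
    else
        same=no
    fi
    # ... only the issuer check does.
    if issued_by_trusted_ca "$d/ca.pem" "$d/host.pem"; then a=accepted; else a=rejected; fi
    if issued_by_trusted_ca "$d/ca.pem" "$d/self.pem"; then b=accepted; else b=rejected; fi

    rm -rf "$d"
    echo "same-subject=$same issued=$a self-signed=$b"
}

demo_issuer_check
```

A client that skips the `issued_by_trusted_ca` step sees two certificates naming the same host and has no basis for preferring one over the other.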

Triton has been told by our customers that this feature makes a Triton more difficult to maintain in the field. Security is not always convenient. When making decisions between convenience and security, Triton will always err on the side of security. We hope that our customers understand this as we work to keep your portfolio safe.

Denomination Changes

Prior to 2010, ATMs did not force default master passwords to be changed when the ATM was first installed.  As a result, many ATM owners would leave the default password on the terminal. With these units it would be possible for fraudsters to log into management functions and lower the denomination value. Then a fraudster could do normal withdrawal transactions with a pre-loaded card (not trackable) to drain the unit of $20 bills while the ATM thinks it is dispensing $1s.  Our password methodology since 2010 requires access to the cash vault to modify the denomination setting.

If the ATM does not behave correctly during this process, the denomination change cannot be made. The journal also logs that the change was attempted and which user attempted it.

Anti-Skim Card Reader

Skimming devices can be added to card readers so quickly they can easily go unnoticed. Triton’s anti-skimming device works by detecting metal near or on the card reader. If metal is detected, the ATM automatically goes out of service, logs the event in its journal, and advises Triton Connect. When the skimmer is removed, the ATM automatically recovers. The anti-skim card readers also employ:

  • Magnetic Field Interference in which a jamming signal is emitted to disrupt an undetected skimmer’s reading of a magnetic stripe.
  • Encryption at Magnetic Head – Magnetic stripes are encrypted at the very first point at which they are read, defending against a skimmer inside the ATM’s cabinet.
  • Encryption of EMV Chip Card APDU – Data exchanged with an EMV chip card is encrypted on the card reader’s cable, defending against a skimmer inside the ATM’s cabinet.

PCI 3.1

In May 2020, PCI will retire standard PCI PTS POI v3 devices designed to strengthen security and reduce compromise of Point of Interaction (POI) devices. Beginning Q1 2020, all new Triton ATMs will ship with our PCI 5 certified keypad, the T10.

Triton follows the letter of the law for PCI. For a Triton ATM, a tamper cannot be reset without dual access to the Triton partner site to then go through the process Triton has set for reactivation.

Some manufacturers have settings in management functions that allow keypads to be removed without tampering.

Keypad Password Reset

With Triton, after vetting the customer to be certain that they own the ATM, a password reset token and ATM software are provided so that you can reset master passwords in both management and keypads. The tokens are tied to logins on the Triton partner site to allow access for challenge responses to accomplish password resets. All this information is held and tracked by Triton.

Triton Key Management (TKM)

TKM allows Master Keys to be loaded remotely from a host to an ATM over a public network. This will allow the keys to be changed more often and will not require a site visit to load keys once TKM is enabled. The Host must support TKM, the ATM must have version 2.4.0 or later software, as well as a T5 PCI Keypad with Firmware R2B or later, or a T9 PCI Keypad. In addition, the Host provides a Host ID, and TKM must be enabled on the ATM.

TKM uses cryptography to remotely load keys directly from the host to the ATM across a public network. This allows ATM owners, especially those with large ATM portfolios or those that operate in markets that require that master keys be changed frequently, to save time and money while improving security.

TKM verifies the host ID that Triton issues to each host. This keeps impersonator or rogue hosts from loading the attacker’s keys to the ATM.

Default Passwords

Make sure to change management passwords and keep control of them in a secure environment. Change them when technicians leave or are fired. This includes Management Function passwords (Master, Admin, Users), EPP User 1 and User 2 Passwords, and EPROM Access Code on Z180.

Triton software presents an error code if the default master password is used, and the ATM will stay out of service until the password has been changed.

Triton Connect Call Back

Call Back is an option in the Triton Connect set up on the ATM. If Call Back is enabled, when Triton Connect contacts the ATM, the ATM will hang up and call Triton Connect back before data is exchanged. This feature is designed to prevent unauthorized systems from contacting your ATM through the communication line. This function is always enabled when using SSL.

Bolt the Cabinet

Physical security requires that the ATM be bolted securely to the floor. Triton installation manuals provide step by step instructions for proper bolting.

High Security Locks

High security locks have unique keys for each lock and are pick resistant to UL437. Triton Part Number 06100-08029 is configurable for high security locks for ARGO, ARGO FT, Traverse, RL1600, RL5000, RL2000, 9100, 9600, 9700, FT5000, and RT2000. These locks can be ordered in any number of unique keyed solutions (a unique set of locks for all of your ATMs, for select customers, or even down to the ATM level).

All manufacturers have default keys that work on all their ATMs. This is the first line of defense in keeping your mainboard secure.


At this time, Triton has developed EMV upgrade kits for our legacy products including RL2000, RL1600, RL5000 X1 and X2, FT5000 X1 and X2, RT2000 X1 and X2 (10.4” LCD only), 9100, 8100, 9700, and 9600. Our current product line of ARGOs, Traverse and FT5000 are available with EMV and fielded units also have upgrade paths to support EMV.

Advanced Security Module

With the release of the ARGO product line, Triton introduced a new security module to improve the security of communications between the ATM's mainboard and cash dispenser. The Advanced Security Module (ASM) and updated software are available for legacy ATMs as well. Triton strongly suggests that this hardware/software upgrade be loaded on all of your machines to help defend against man-in-the-middle attacks between your ATM's mainboard and dispenser.

The Triton ASM uses a software key to secure the communication traffic between the mainboard and the security module which resides in the safe with the dispenser. The software key is unique per ATM using a key exchange between the ASM and the mainboard of the ATM. Initiating the key exchange requires Master User credentials for the specific ATM as well as access to the vault. Synchronization is required anytime the mainboard or the ASM are replaced.

Close Out Plate

Triton has released the Close Out Plate Kit for legacy ATMs which will ensure that the openings on your ATM are sealed tight. When adding the close out kits, the cables also need to be rerouted. The number of kits required depends on the business hour cabinet or level one vault in question. The ARGO was designed to eliminate these risks and does not need upgrading.

Fishing Expedition

These security features compound one another in the ATM. For example, even if you could get into the vault and press the reset button of the ASM, which is extremely difficult, and then change the mainboard on the ATM, you would still fail, as you would have to prove access to the vault to set the cassette denomination.

APCA Kits – Australia Only

Triton’s process includes making a more robust double CAM locking mechanism. The rules of APCA stipulate that damage must be visible if entry is attempted to the ATM.

CE-based ATMs are less expensive than their traditional counterparts, easier to service, and require fewer upgrades and patches. The overall cost for a Windows CE ATM is less than the price of upgrading some traditional Windows terminals and considerably less than buying a new ATM to meet Windows 10 requirements. And, replacement parts are less expensive as well. Therefore, FIs can deploy a larger ATM fleet for the same price.

NFC Reader

Coming Soon!

Anti-Skim Card Reader

A skimmer is malicious hardware attached to an ATM, cunningly hidden or camouflaged so it remains unnoticed, designed to capture card-holder data (such as a card’s magnetic stripe) for fraudulent use by a criminal at a later time. Reports of skimmers are ever increasing, and ATMs must be protected from these attacks.

Fortunately, Triton offers a new defense against this scourge, by using a new anti-skimming card reader.

Anti-Skimming Security Features

  • Metal Detection – Skimmers mounted to the card reader are detected. The ATM automatically goes out of service, logs the event in its journal, and advises Triton Connect. When the skimmer is removed, the ATM automatically recovers.
  • Magnetic Field Interference – A jamming signal is emitted to disrupt a skimmer’s reading of a magnetic stripe.
  • Encryption at Magnetic Head – Magnetic stripes are encrypted at the very first point at which they are read, defending against a skimmer inside the ATM’s cabinet.
  • Encryption of EMV Chip Card APDU – Data exchanged with an EMV chip card is encrypted on the card reader’s cable, defending against a skimmer inside the ATM’s cabinet.

With a new dashboard and updated features, taking control of your ATM fleet while increasing efficiency and reducing costs has never been easier or more affordable. From a single PC or distributed network of PCs, Triton Connect allows you to decrease costly site visits by remotely monitoring your ATMs.