Kaspersky Embedded Systems Security for ATM and POS systems

Specialized security for ATM and POS systems

What's At Risk

All types of embedded systems are highly vulnerable to cyberattacks.

Today, embedded systems are everywhere: in ticketing machines, ATMs, kiosks, Point-of-Sale systems, medical equipment… the list goes on.

Kaspersky Embedded Systems Security protects Windows-based devices from unauthorized access and ongoing damage caused by cyberattacks. We ensure safety of your business from:

Theft and exploitation of your customers’ credentials and confidential data.

Targeted attacks, initiated through your embedded system.

All the costs associated with reputational and brand damage, and remediation at individual customer level.

Theft through duplicated credit cards, created from POS and ATM memory dumps.

Cash lost through the direct hacking of individual ATMs.

Being forced to update hardware and operating systems in order to update your security.

What We Offer

Windows Embedded systems are becoming an ever more popular target for cybercriminals. These devices tend to operate inside the corporate network, to be geographically scattered and to handle with critical data, often working with credit and debit cards. End-of-life Windows XP is still a standard for most of these systems, as is low-end hardware.

Kaspersky Embedded Systems Security is specially designed to protect such systems against specifically oriented attacks.

Supporting Low-End Operating Systems and Hardware

Supporting Low-End Operating Systems and Hardware

Kaspersky Embedded Systems Security supported on all Windows operating systems, from the Windows XP family to Windows 10 IoT Core. Hardware requirements are as little as 256Mb of RAM and 50Mb of disk space.

Default Deny for Applications, Drivers and Libraries

Default Deny for Applications, Drivers and Libraries

Windows Embedded systems are fixed passive systems designed to undertake strictly limited functions, often involving credit and debit cards. By effectively ‘freezing’ the system—preventing any drivers, libraries or applications not on an approved list from launching—Kaspersky Embedded Systems Security denies attackers access through any of these means.

Device Control


The most dangerous initial attacks on embedded system networks are closely associated with insider activity and USB and CD-ROM access. Implementing a rigorous, comprehensive device access and control policy is the most effective form of risk mitigation.

Antivirus On-Demand


Kaspersky Embedded Systems Security can be installed in ‘Default Deny for Applications and Devices only’ mode to minimize the impact on hardware resources. The solution can also be installed with the inclusion of an antivirus module that provides on-demand scanning controls within the same license, with optional real-time antivirus protection from Kaspersky Security Network.

Business Benefits

Devices based on Windows Embedded are designed to offer the best possible service to users. Their weakest point is security. We’re seeing more and more malware targeting embedded devices, including POS systems, ATMs, ticketing machines and medical devices, together with non-malware-based attacks using middleware changes and additional libraries created by insider activity.

Using a classic “anti-malware approach” is impractical due to of the limitations of low-end hardware, and is largely ineffective in this unique threat landscape. Your business needs a cybersecurity solution specifically designed to protect systems based on Windows embedded systems against new and emerging advanced cyberthreats.

Kaspersky Embedded Systems Security is designed specifically for service devices with embedded operating systems. It respects related hardware and efficiency considerations while simultaneously controlling and protecting the attack surfaces unique to these architectures.

The overall replacement of obsolete Windows XP systems is a painful process. We help you upgrade your nodes at your own pace. Kaspersky Embedded Systems Security supports all current Microsoft Windows Embedded and POS ready families, from the now unsupported Windows XP family, to Windows 10 IoT.

Powerful, effective protection against both external threats and illicit insider activity is delivered through granular Device Controls and full Default Deny mode operation for applications, drivers and libraries.

Antivirus is provided as an optional module. Once Kaspersky Embedded Systems Security is installed in Device Control and Default Deny mode, additional antivirus is not always necessary, but can be added as a further security level where needed.

Hardware requirements are low. The solution is designed to work on 256Mb RAM and 50Mb disk space while running in ‘Application Control only’ mode on Windows XP.

PCI DSS requirements (v3.1 paragraphs 5.1, 5.1.1, 5.2, 5.3, 6.2) with which the Financial Services Industry must comply, are covered by Kaspersky Embedded Systems Security and Kaspersky Security Center.

Suitable for








ATM and POS service providers


Copyright © 1997-2016 Kaspersky Lab

All Rights Reserved. Industry-leading Antivirus Software

500 Unicorn Park Woburn MA 01801