{"id":2974,"date":"2022-05-18T15:21:00","date_gmt":"2022-05-18T13:21:00","guid":{"rendered":"http:\/\/10.24.225.70\/?p=2974"},"modified":"2026-04-01T16:00:40","modified_gmt":"2026-04-01T14:00:40","slug":"notes-and-thoughts-around-the-gentle-art-of-assessing-atms","status":"publish","type":"post","link":"https:\/\/complior.se\/en\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/","title":{"rendered":"Notes and thoughts around the gentle art of assessing ATMs"},"content":{"rendered":"
\n
\n
<\/svg><\/span>Tillbaka till resurser<\/span><\/a><\/div>\n\n\n\nBlog<\/span>\n\n\n\n

Notes and thoughts around the gentle art of assessing ATMs<\/h1>\n\n\n\n
\r\n\t\r\n\t\t<\/rect>\r\n\t\t<\/line>\r\n\t\t<\/line>\r\n\t\t<\/line>\r\n\t<\/svg>\r\n\t\r\n\t\tMay 18, 2022\t<\/span>\r\n<\/div>\n\n\n

<\/svg><\/span>9 min <\/span><\/h1><\/div>\n<\/div>\n\n\n\n
\"image<\/figure>\n<\/div><\/div>\n\n\n\n
\n
\n

I must confess that ATMs have always intrigued me. Don\u2019t misunderstand me though. I know that, in most cases, that would sound like a rather suspicious statement for obvious reasons, but trust me when I say that it is not about the money they hold. I genuinely find them fascinating devices for the way they are built, and not particularly for what they do.<\/p>\n\n\n\n

This is why I couldn\u2019t have been happier when I recently was given a chance to put my hands on a fairly broad set of ATM machines. It was in the context of a broad security auditing project aimed at evaluating the overall network and application security posture of the ATM base for one of the most important and renowned banks in the world. I thought it would be nice to share at least some notes from this fun and rewarding experience, since it is not exactly an everyday business case.<\/p>\n<\/div>\n\n\n\n

\n

Determining the surface of exposure<\/h2>\n\n\n\n

As usual, preparation starts with defining how an ATM works in practice and what the critical components and interfaces are. More specifically, it is key to define what determines a target\u2019s actual surface of exposure, which is why I started with the basics and studied the main elements of an ATM.<\/p>\n\n\n\n

\n

Front-End Components<\/h3>\n\n\n\n

From a front end perspective, most ATMs have two main inputs, card reader and keypad, and four outputs, screen, receipt printer, cash dispenser, and speaker. However, hacking into an ATM through these user interfaces would not be a recommended approach, unless there are significant logical flaws in the ATM application.<\/p>\n<\/div>\n\n\n\n

\n

Back-End Components<\/h3>\n\n\n\n

The picture changes when looking at the back end. There are many additional input and output interfaces and connection points, such as connections to the financial host, administration systems, software updates, monitoring systems, and anti fraud mechanisms.<\/p>\n\n\n\n

Ultimately, ATMs are not that different from any other network connected device. Any exposed service or interface could potentially be attacked by someone with access to the network. This was the core of my role as an ATM security assessor, identifying and testing these interfaces to determine whether unauthorized access could lead to cash being dispensed.<\/p>\n<\/div>\n<\/div>\n\n\n\n

\n

XFS and overall architecture<\/h2>\n\n\n\n

Before moving forward, I needed to understand the ATM specific architecture. Typically, the ATM application does not run directly on top of the operating system. Instead, there are intermediate layers involved.<\/p>\n\n\n\n

A key component is the XFS, Extensions for Financial Services, middleware layer. This provides a client server architecture for financial applications running on Windows platforms.<\/p>\n\n\n\n

\n

The Role of XFS Middleware<\/h3>\n\n\n\n

An ATM architecture typically involves an XFS (eXtensions for Financial Services) middleware layer. This middleware provides a client-server architecture for financial applications on Windows platforms, specifically designed for devices like ATMs.<\/p>\n\n\n\n

XFS is an international standard promoted by the European Committee for Standardization (CEN\/XFS). It provides a common API for interacting with hardware regardless of manufacturer.<\/p>\n\n\n\n

Understanding XFS was a crucial part of the preparation, and also one of the most time consuming, due to its complexity and often proprietary nature.<\/p>\n<\/div>\n\n\n\n

\n

Why XFS Matters for Security<\/h3>\n\n\n\n

The ATM application communicates through the XFS layer, which is responsible for sending commands to hardware components such as the cash dispenser.<\/p>\n\n\n\n

Because of this:<\/p>\n\n\n\n

    \n
  • Access to XFS commands must be tightly controlled<\/li>\n\n\n\n
  • Compromising XFS could allow direct hardware manipulation<\/li>\n\n\n\n
  • Understanding XFS is critical for ATM security assessments<\/li>\n<\/ul>\n\n\n\n

    This part of the preparation was by far the most time-consuming due to proprietary implementations and extensive documentation.<\/p>\n<\/div>\n<\/div>\n\n\n\n

    \n

    Pentest approaches<\/h2>\n\n\n\n
    \n

    White-Box vs Grey\/Black-Box<\/h3>\n\n\n\n
      \n
    • White-box testing: Requires deep architectural knowledge<\/li>\n\n\n\n
    • Grey\/black-box testing: Depends on whether access to the ATM OS or application is achievable<\/li>\n<\/ul>\n<\/div>\n\n\n\n
      \n

      Standard Testing Mindset<\/h3>\n\n\n\n

      Ultimately, ATMs should be treated like any network-connected device. This means testers often rely on standard techniques such as:<\/p>\n\n\n\n

        \n
      • Port scanning<\/li>\n\n\n\n
      • Vulnerability scanning<\/li>\n\n\n\n
      • Exploitation attempts<\/li>\n<\/ul>\n\n\n\n

        However, ATMs come with specific threat models that must be considered.<\/p>\n<\/div>\n<\/div>\n\n\n\n

        \n

        Network Traffic Sniffing<\/h2>\n\n\n\n

        Another important testing activity is analyzing captured network traffic.<\/p>\n\n\n\n

        \n

        Challenges<\/h3>\n\n\n\n

        Network traffic analysis can be extremely complex due to:<\/p>\n\n\n\n

          \n
        • Large volumes of data<\/li>\n\n\n\n
        • Proprietary and obscure protocols<\/li>\n\n\n\n
        • Lack of documentation<\/li>\n<\/ul>\n<\/div>\n\n\n\n
          \n

          Benefits<\/h3>\n\n\n\n

          Despite the challenges, it provides valuable insights:<\/p>\n\n\n\n

            \n
          • Detection of weak or plaintext communications<\/li>\n\n\n\n
          • Understanding system interactions<\/li>\n\n\n\n
          • Identification of hidden configurations<\/li>\n<\/ul>\n\n\n\n

            In fact, some of the most interesting findings came from this phase.<\/p>\n<\/div>\n<\/div>\n\n\n\n

            \n

            Defense in depth<\/h2>\n\n\n\n

            Insights from network analysis led to a broader security consultancy effort.<\/p>\n\n\n\n

            \n

            Security Improvements Implemented<\/h3>\n\n\n\n

            Together with the technical team, we developed tailored patch packages to achieve:<\/p>\n\n\n\n

              \n
            • Enable only necessary system and network services<\/li>\n\n\n\n
            • Prevent the ATM application from being exposed on network interfaces<\/li>\n\n\n\n
            • Harden the operating system and services according to industry standards<\/li>\n\n\n\n
            • Restrict inbound access using firewall policies<\/li>\n\n\n\n
            • Strengthen encryption settings and protocols<\/li>\n\n\n\n
            • Eliminate all plain text communication between systems<\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n\n\n
              \n

              Happy Ending<\/h2>\n\n\n\n

              By combining all these measures and adding additional controls such as:<\/p>\n\n\n\n

                \n
              • IP-based access restrictions<\/li>\n\n\n\n
              • Two-way certificate validation<\/li>\n<\/ul>\n\n\n\n

                The network-related attack surface was dramatically reduced. At this point, IT-based attacks became extremely unlikely, even with direct physical access to the ATM. In simple terms: if someone wants unauthorized cash now, they would need to resort to physical methods.<\/p>\n<\/div>\n<\/div><\/div>","protected":false},"excerpt":{"rendered":"

                \t\t\tAs usual, preparation starts with defining how an ATM works in practice and what the critical components and interfaces are\t\t\t<\/p>","protected":false},"author":2,"featured_media":73550,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"blogg","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":6,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_eb_attr":"","inline_featured_image":false,"_uag_custom_page_level_css":"","wpm_timeformat":"","_wpm_styles":"","footnotes":""},"categories":[118],"tags":[117,113],"class_list":["post-2974","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogg","tag-blog","tag-news"],"yoast_head":"\nNotes and thoughts around the gentle art of assessing ATMs - Complior<\/title>\n<meta name=\"description\" content=\"As usual, preparation starts with defining how an ATM works in practice and what the critical components and interfaces are\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/complior.se\/en\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Notes and thoughts around the gentle art of assessing ATMs - Complior\" \/>\n<meta property=\"og:description\" content=\"As usual, preparation starts with defining how an ATM works in practice and what the critical components and interfaces are\" \/>\n<meta property=\"og:url\" content=\"https:\/\/complior.se\/en\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/\" \/>\n<meta property=\"og:site_name\" content=\"Complior\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-18T13:21:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-01T14:00:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-scaled.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1340\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kikki Bostrom\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kikki Bostrom\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/complior.se\\\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/complior.se\\\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\\\/\"},\"author\":{\"name\":\"Kikki Bostrom\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/person\\\/841f8a57425589a6d7f13c201d345016\"},\"headline\":\"Notes and thoughts around the gentle art of assessing ATMs\",\"datePublished\":\"2022-05-18T13:21:00+00:00\",\"dateModified\":\"2026-04-01T14:00:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/complior.se\\\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\\\/\"},\"wordCount\":868,\"publisher\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/ATM-04-scaled.png\",\"keywords\":[\"Blog\",\"news\"],\"articleSection\":[\"Blogg\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/complior.se\\\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\\\/\",\"url\":\"https:\\\/\\\/complior.se\\\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\\\/\",\"name\":\"Notes and thoughts around the gentle art of assessing ATMs - Complior\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/complior.se\\\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/ATM-04-scaled.png\",\"datePublished\":\"2022-05-18T13:21:00+00:00\",\"dateModified\":\"2026-04-01T14:00:40+00:00\",\"description\":\"As usual, preparation starts with defining how an ATM works in practice and what the critical components and interfaces are\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/complior.se\\\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/complior.se\\\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/complior.se\\\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\\\/#primaryimage\",\"url\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/ATM-04-scaled.png\",\"contentUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/ATM-04-scaled.png\",\"width\":2560,\"height\":1340,\"caption\":\"image showing a hand giving an online vote\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/complior.se\\\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/complior.se\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Notes and thoughts around the gentle art of assessing ATMs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/complior.se\\\/#website\",\"url\":\"https:\\\/\\\/complior.se\\\/\",\"name\":\"Complior\",\"description\":\"Security beyond compliance\",\"publisher\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/complior.se\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\",\"name\":\"Complior\",\"url\":\"https:\\\/\\\/complior.se\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Complior_logo_dark-scaled.png\",\"contentUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Complior_logo_dark-scaled.png\",\"width\":2560,\"height\":960,\"caption\":\"Complior\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/person\\\/841f8a57425589a6d7f13c201d345016\",\"name\":\"Kikki Bostrom\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"caption\":\"Kikki Bostrom\"},\"url\":\"https:\\\/\\\/complior.se\\\/en\\\/author\\\/kikki\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Notes and thoughts around the gentle art of assessing ATMs - Complior","description":"As usual, preparation starts with defining how an ATM works in practice and what the critical components and interfaces are","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/complior.se\/en\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/","og_locale":"en_GB","og_type":"article","og_title":"Notes and thoughts around the gentle art of assessing ATMs - Complior","og_description":"As usual, preparation starts with defining how an ATM works in practice and what the critical components and interfaces are","og_url":"https:\/\/complior.se\/en\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/","og_site_name":"Complior","article_published_time":"2022-05-18T13:21:00+00:00","article_modified_time":"2026-04-01T14:00:40+00:00","og_image":[{"width":2560,"height":1340,"url":"https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-scaled.png","type":"image\/png"}],"author":"Kikki Bostrom","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kikki Bostrom","Estimated reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/complior.se\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/#article","isPartOf":{"@id":"https:\/\/complior.se\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/"},"author":{"name":"Kikki Bostrom","@id":"https:\/\/complior.se\/#\/schema\/person\/841f8a57425589a6d7f13c201d345016"},"headline":"Notes and thoughts around the gentle art of assessing ATMs","datePublished":"2022-05-18T13:21:00+00:00","dateModified":"2026-04-01T14:00:40+00:00","mainEntityOfPage":{"@id":"https:\/\/complior.se\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/"},"wordCount":868,"publisher":{"@id":"https:\/\/complior.se\/#organization"},"image":{"@id":"https:\/\/complior.se\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/#primaryimage"},"thumbnailUrl":"https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-scaled.png","keywords":["Blog","news"],"articleSection":["Blogg"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/complior.se\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/","url":"https:\/\/complior.se\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/","name":"Notes and thoughts around the gentle art of assessing ATMs - Complior","isPartOf":{"@id":"https:\/\/complior.se\/#website"},"primaryImageOfPage":{"@id":"https:\/\/complior.se\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/#primaryimage"},"image":{"@id":"https:\/\/complior.se\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/#primaryimage"},"thumbnailUrl":"https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-scaled.png","datePublished":"2022-05-18T13:21:00+00:00","dateModified":"2026-04-01T14:00:40+00:00","description":"As usual, preparation starts with defining how an ATM works in practice and what the critical components and interfaces are","breadcrumb":{"@id":"https:\/\/complior.se\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/complior.se\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/complior.se\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/#primaryimage","url":"https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-scaled.png","contentUrl":"https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-scaled.png","width":2560,"height":1340,"caption":"image showing a hand giving an online vote"},{"@type":"BreadcrumbList","@id":"https:\/\/complior.se\/notes-and-thoughts-around-the-gentle-art-of-assessing-atms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/complior.se\/"},{"@type":"ListItem","position":2,"name":"Notes and thoughts around the gentle art of assessing ATMs"}]},{"@type":"WebSite","@id":"https:\/\/complior.se\/#website","url":"https:\/\/complior.se\/","name":"Complior","description":"Security beyond compliance","publisher":{"@id":"https:\/\/complior.se\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/complior.se\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/complior.se\/#organization","name":"Complior","url":"https:\/\/complior.se\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/complior.se\/#\/schema\/logo\/image\/","url":"https:\/\/complior.se\/wp-content\/uploads\/2025\/06\/Complior_logo_dark-scaled.png","contentUrl":"https:\/\/complior.se\/wp-content\/uploads\/2025\/06\/Complior_logo_dark-scaled.png","width":2560,"height":960,"caption":"Complior"},"image":{"@id":"https:\/\/complior.se\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/complior.se\/#\/schema\/person\/841f8a57425589a6d7f13c201d345016","name":"Kikki Bostrom","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","caption":"Kikki Bostrom"},"url":"https:\/\/complior.se\/en\/author\/kikki\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-scaled.png",2560,1340,false],"thumbnail":["https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-150x150.png",150,150,true],"medium":["https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-300x157.png",300,157,true],"medium_large":["https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-768x402.png",768,402,true],"large":["https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-1024x536.png",1024,536,true],"1536x1536":["https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-1536x804.png",1536,804,true],"2048x2048":["https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-2048x1072.png",2048,1072,true],"trp-custom-language-flag":["https:\/\/complior.se\/wp-content\/uploads\/2022\/09\/ATM-04-18x9.png",18,9,true]},"uagb_author_info":{"display_name":"Kikki Bostrom","author_link":"https:\/\/complior.se\/en\/author\/kikki\/"},"uagb_comment_info":0,"uagb_excerpt":"As usual, preparation starts with defining how an ATM works in practice and what the critical components and interfaces are","_links":{"self":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/2974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/comments?post=2974"}],"version-history":[{"count":14,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/2974\/revisions"}],"predecessor-version":[{"id":80209,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/2974\/revisions\/80209"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/media\/73550"}],"wp:attachment":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/media?parent=2974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/categories?post=2974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/tags?post=2974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}