High Cybersecurity Standards: BI.ZONE Checks Ozon Bank’s New ATM Network

A Strategic Phase

The assessment covered critical layers of the infrastructure, from hardware components and embedded firmware to the network perimeter and access control policies. Security specialists simulated attacker behavior, attempting to bypass application controls, exit kiosk mode, and obtain administrative privileges on the management workstation. The testing also included vulnerability discovery at the application layer, attempts to access sensitive data, and an evaluation of the ATMs’ resistance to physical tampering and fraud scenarios.

For Ozon Bank, the project marked a strategic milestone in scaling its proprietary ATM network, which is expected to reach 350 machines across Russia in 2025. With a customer base of 38 million active users, ensuring the security of financial transactions and personal data is a top priority. The audit provided the bank with detailed recommendations for strengthening its security architecture and minimizing risks before mass deployment, a critical factor in building customer trust in offline financial services.

Protecting Reputation at Scale

Ozon Bank’s plans to expand its network to 1,000 ATMs by mid-2026 require the adoption of strict cybersecurity standards. For fintech players building independent ATM networks, deep audits – spanning software, hardware, and network perimeters – are becoming a core prerequisite for operational security and reputation protection.

Collaboration with BI.ZONE is setting a new industry benchmark for ATM security testing. Methodologies for assessing embedded systems show strong export potential and are already in demand among banks in emerging markets. Russian cybersecurity expertise is increasingly evolving into a competitive technology product for the global market.

Ozon Bank has more than 38 million active customers. Ensuring the security of their data and finances at every stage, including cash withdrawals and deposits at ATMs, is critically important. In every project, we apply expertise built over years of hands-on cybersecurity work. The assessment gave Ozon Bank a comprehensive view of its security posture, along with recommendations covering vulnerability remediation, process changes, and architectural improvements. Implementing them will systematically raise the overall level of cybersecurity

Mikhail Sidoruk

Head of Security Assessment, BI.ZONE

Discipline Meets Innovation

In July 2025, Ozon Bank began deploying its ATM network in Russia’s largest cities. The first 12 machines were installed last year, with expansion to 350 devices planned as the next step. At launch, the ATMs support cash deposits and withdrawals using Mir, Visa, and Mastercard cards issued by Russian banks. Additional functionality is expected to be added over time, potentially including on-device customer service features.

During the same period, Ozon Bank also started installing its own ATMs in order-pickup locations and retail outlets. The goal is to compensate for the lack of physical branches and provide offline access for customers who rely on cash. Current functionality is limited to cash withdrawals and account top-ups, but the bank plans to introduce new features, including digital identification.

T-Bank is also actively expanding its digital services, including offline service infrastructure, as part of its strategy to compete with traditional banks. Key development areas include ecosystem expansion, artificial intelligence, flexible deposit products with customizable terms and currencies, and deep personalization of financial services.

Across Russia’s banking sector, security initiatives are gaining momentum. Domestic companies are increasingly adopting penetration testing and security assessment services for financial platforms. In an environment of rising cyber pressure, those that combine operational discipline, innovation, and a proactive security posture are positioned to come out ahead.

Experts also highlight a growing trend toward tighter integration between ATM networks and digital payments in fintech banks. This includes expanding ATM functionality through contactless technologies and deeper integration with fintech platforms. The result is smarter, faster, and more secure financial services, alongside lower operational risks and costs.

The Foundation of Trust

ATM security audits are no longer viewed as purely technical measures. Today, they serve as a foundational tool for building customer trust and an essential element of large-scale fintech deployments. BI.ZONE’s comprehensive approach to testing Ozon Bank’s systems demonstrates the maturity of Russia’s cybersecurity market. In current conditions, deep security testing is increasingly seen as a mandatory quality standard when launching major financial services and physical infrastructure.

According to forecasts, Ozon Bank’s ATM network could expand to 1,000 devices by 2026, positioning the company among the leading fintech players by scale of proprietary ATM infrastructure. Against this backdrop, demand for security assessments of IoT devices and embedded systems is expected to grow steadily among Russian cybersecurity vendors. In the longer term, BI.ZONE’s specialized technologies have strong potential for export to countries with rapidly developing fintech markets.