What is an Automated Teller Machine?
An automated teller machine (ATM) is an electronic banking channel that allows individuals to complete basic transactions without the assistance of a branch representative or teller. ATMs can be accessed by anyone with a debit card or credit card.
Types of ATMs
There are two basic types of ATMs:
Moving forward, analysts believe that ATMs will become increasingly popular and they also predict an increase in the number of ATM withdrawals. ATMs of the future are expected to become full-service terminals instead of or in addition to customary bank tellers.
ATMs are mostly owned by credit unions and banks. However, it is also possible for businesses and individuals to lease or buy ATMs, through an ATM franchise or on their own. When ATMs are owned by individuals or small businesses such as gas stations or restaurants, the profit model is centered on charging fees to the machine’s users. Banks also own ATMs with this aim, but in addition, the accessibility of an ATM is a service bank’s use to attract clients. ATMs are also known to take some of the customer service burden off bank tellers, saving banks money in payroll costs.
With the rise in technological advancements, operations and transactions for banks have now become stress free and easy. Banks now offer customers with enhanced services by assisting them in net banking besides their ATM services. With these enhanced services also come unfathomable security risks (a fact well known to customers and banks). In the remaining pat of this article, let’s take a look at the ATM security from a physical and logical perspective.
Banks are now focusing more on securing their customer’s interests from ATM frauds. Customer awareness is also known to contribute towards guaranteeing ATM security. This is because the most common techniques are ATM card skimming, card jamming, card swapping, ATM card theft, physical attack, ATM take away, mugging, shoulder surfing vandalism, and ATM jackpotting.
To help deal with these different types of ATM attacks, ATM security measures could be of two types: physical security measures and logical security measures.
Physical ATM security is vital in cases where cipher keys exist in terminals. When there is no physical security, an abuser will be able to probe for a key or substitute its value. To avoid such exploitations, banks should be keen on preserving the integrity of non-secret parameters and also the privacy of secret parameters. ATM security should thus focus on protecting ATMs from physical attacks. Modern ATM security focuses on rejecting access to money inside the machine to a thief, by employing techniques like smoke canisters and dye-markers.
Other methods include:
PCI perspective of physical ATM security
According to PCI PTS, the following factors will have to be considered for ATM security:
Network plays a vital role in the working of ATMs from the time when a customer swipes a card, enters the PIN and details are then sent to the RDBMS for validation. Usually, attackers intercept this information to execute logical frauds. The following logical security measures can help avert such incidents:
PCI perspective for logical ATM security
The following aspects should be considered when you look at logical ATM security from a PCI standpoint:
On the PCI PIN front, it is essential to implement, maintain and protect the PIN. The main items to note on this front include:
Besides all of the above-discussed ATM security measures, ATM users should use a machine that is placed in a well-lighted public place. According to Federal law, only the last four digits of the cardholder’s account number should be printed on the transaction receipt so that when a user leaves behind the receipt at the machine location, the account number still remains to be secured. However, it is still essential to hide the entry of your four-digit personal identification number (PIN) on the keypad and this can be done by positioning your body and hand in such a way that the PIN entered by you cannot be recorded by store employees or store cameras. The cardholder’s PIN is not recorded in the journal, but the account number gets recorded. Hence, if you protect your PIN, you automatically protect your account.