
an atm with eye


1. INTRODUCTION

The rise of technology in India has brought into force many types of equipment that aim at more

customer satisfaction. ATM is one such machine which made money transactions easy for

customers to bank. The other side of this improvement is that it raises a culprit’s

chances of getting his ‘unauthentic’ share. Traditionally, security is handled by requiring the

combination of a physical access card and a PIN or other password in order to access a

customer’s account. This model invites fraudulent attempts through stolen cards, badly-chosen or

automatically assigned PINs, cards with little or no encryption schemes, employees with access

to non-encrypted customer account information and other points of failure. Our paper proposes

an automatic teller machine security model that would combine a physical access card, a PIN,

and electronic facial recognition. By forcing the ATM to match a live image of a customer’s face

with an image stored in a bank database that is associated with the account number, the damage

to be caused by stolen cards and PINs is effectively neutralized. Only when the PIN matches the

account and the live image and stored image match would a user be considered fully verified. A

system can examine just the eyes, or the eyes, nose and mouth, or ears, nose, mouth and

eyebrows, and so on. In this paper, we will also look into an automatic teller machine security

model providing the customers a cardless, password-free way to get their money out of an ATM.

Just step up to the camera while your eye is scanned. The iris -- the colored part of the eye the

camera will be checking -- is unique to every person, more so than fingerprints.

2. ATM SYSTEMS

Because our ATM system would only attempt to match two (and later, a few) discrete images, searching

through a large database of possible matching candidates would be unnecessary. The process

would effectively become an exercise in pattern matching, which would not require a great deal

of time. With appropriate lighting and robust learning software, slight variations could be

accounted for in most cases. Further, a positive visual match would cause the live image to be

stored in the database so that future transactions would have a broader base from which to

compare if the original account image fails to provide a match – thereby decreasing false

negatives. When a match is made with the PIN but not the images, the bank could limit

transactions in a manner agreed upon by the customer when the account was opened, and could

store the image of the user for later examination by bank officials. In regards to bank employees

gaining access to customer PINs for use in fraudulent transactions, this system would likewise

reduce that threat to an exposure of no more than the low limit imposed by the bank and agreed to by the

customer on visually unverifiable transactions. In the case of credit card use at ATMs, such a

verification system would not currently be feasible without creating an overhaul for the entire

credit card issuing industry, but it is possible that positive results (read: significant fraud

reduction) achieved by this system might motivate such an overhaul.

The last consideration is that consumers may be wary of the privacy concerns raised by

maintaining images of customers in a bank database, encrypted or otherwise, due to possible

hacking attempts or employee misuse. However, one could argue that having the image

compromised by a third party would have far less dire consequences than the account

information itself. Furthermore, since nearly all ATMs videotape customers engaging in

transactions, it is no broad leap to realize that banks already build an archive of their customer

images, even if they are not necessarily grouped with account information.

3. HISTORY

The first ATMs were off-line machines, meaning money was not automatically withdrawn from

an account. The bank accounts were not (at that time) connected by a computer network to the

ATM. Therefore, banks were at first very exclusive about who they gave ATM privileges to,

giving them only to credit card holders (credit cards were used before ATM cards) with good

banking records. In modern ATMs, customers authenticate themselves by using a plastic card

with a magnetic stripe, which encodes the customer's account number, and by entering a numeric

pass code called a PIN (personal identification number), which in some cases may be changed

using the machine. Typically, if the number is entered incorrectly several times in a row, most

ATMs will retain the card as a security precaution to prevent an unauthorized user from working

out the PIN by pure guesswork.

4. HARDWARE AND SOFTWARE

ATMs contain secure crypto processors, generally within an IBM PC compatible host computer

in a secure enclosure. The security of the machine relies mostly on the integrity of the secure

crypto processor: the host software often runs on a commodity operating system. In-store ATMs

typically connect directly to their ATM Transaction Processor via a modem over a dedicated

telephone line, although the move towards Internet connections is under way.

In addition, ATMs are moving away from custom circuit boards (most of which are based on

Intel 8086 architecture) and into full-fledged PCs with commodity operating systems such as

Windows 2000 and Linux. An example of this is Banrisul, the largest bank in the South of

Brazil, which has replaced the MS-DOS operating systems in its automatic teller machines with

Linux. Other platforms include RMX 86, OS/2 and Windows 98 bundled with Java. The newest

ATMs use Windows XP or Windows XP embedded.

FIG. 4.1 CRYPTO PROCESSORS

5. RELIABILITY

ATMs are generally reliable, but if they do go wrong customers will be left without cash until the

following morning or whenever they can get to the bank during opening hours. Of course, not all

errors are to the detriment of customers; there have been cases of machines giving out money

without debiting the account, or giving out higher value notes as a result of incorrect

denomination of banknote being loaded in the money cassettes. Errors that can occur may be

mechanical (such as card transport mechanisms; keypads; hard disk failures); software (such as

operating system; device driver; application); communications; or purely down to operator error.

FIG. ATM CAPTURE PRESSES

6. SECURITY

Early ATM security focused on making the ATMs invulnerable to physical attack; they were

effectively safes with dispenser mechanisms. ATMs are placed not only near banks, but also in

locations such as malls, grocery stores, and restaurants. The other side of this improvement is that

it raises a culprit’s chances of getting his ‘unauthentic’ share.

ATMs are a quick and convenient way to get cash. They are also public and visible, so it pays to

be careful when you're making transactions. Follow these general tips for your personal safety.

Stay alert. If an ATM is housed in an enclosed area, shut the entry door completely behind you.

If you drive up to an ATM, keep your car doors locked and an eye on your surroundings. If you

feel uneasy or sense something may be wrong while you're at an ATM, particularly at night or

when you're alone, leave the area.

Keep your PIN confidential. Memorize your Personal Identification Number (PIN); don't write

it on your card or leave it in your wallet or purse. Keep your number to yourself. Never provide

your PIN over the telephone, even if a caller identifies himself as a bank employee or police

officer. Neither person would call you to obtain your number.

Conduct transactions in private. Stay squarely in front of the ATM when completing your

transaction so people waiting behind you won't have an opportunity to see your PIN being

entered or to view any account information. Similarly, fill out your deposit/withdrawal slips privately.

Don’t flash your cash. If you must count your money, do it at the ATM, and place your cash

into your wallet or purse before stepping away. Avoid making excessively large withdrawals. If

you think you're being followed as you leave the ATM, go to a public area near other people

and, if necessary, ask for help.

Save receipt. Your ATM receipts provide a record of your transactions that you can later

reconcile with your monthly bank statement. If you notice any discrepancies on your statement,

contact your bank as soon as possible. Leaving receipts at an ATM can also let others know how

much money you've withdrawn and how much you have in your account.

Guard your card. Don't lend your card or provide your PIN to others, or discuss your bank

account with friendly strangers. If your card is lost or stolen, contact your bank immediately.

Immediately report any crime to the police. Contact the Department Of Public Security or

your local police station for more personal safety information.

FIG. 6. ATM BANKING PROCESS

7. FACIAL RECOGNITION

The main issues faced in developing such a model are keeping the time elapsed in the

verification process to a negligible amount, allowing for an appropriate level of variation in

a customer’s face when compared to the database image, and that credit cards which can be

used at ATMs to withdraw funds are generally issued by institutions that do not have

in-person contact with the customer, and hence no opportunity to acquire a photo.

Because the system would only attempt to match two (and later, a few) discrete images,

searching through a large database of possible matching candidates would be unnecessary.

The process would effectively become an exercise in pattern matching, which would not

require a great deal of time. With appropriate lighting and robust learning software, slight

variations could be accounted for in most cases. Further, a positive visual match would

cause the live image to be stored in the database so that future transactions would have a

broader base from which to compare if the original account image fails to provide a match –

thereby decreasing false negatives.

When a match is made with the PIN but not the images, the bank could limit transactions

in a manner agreed upon by the customer when the account was opened, and could store

the image of the user for later examination by bank officials. In regards to bank

employees gaining access to customer PINs for use in fraudulent transactions, this system

would likewise reduce that threat to an exposure of no more than the low limit imposed by the bank and

agreed to by the customer on visually unverifiable transactions.

In the case of credit card use at ATMs, such a verification system would not currently be

feasible without creating an overhaul for the entire credit card issuing industry, but it is

possible that positive results (read: significant fraud reduction) achieved by this system

might motivate such an overhaul.

FIG.7.1 FACIAL RECOGNITION

The last consideration is that consumers may be wary of the privacy concerns raised by

maintaining images of customers in a bank database, encrypted or otherwise, due to possible

hacking attempts or employee misuse. However, one could argue that having the image

compromised by a third party would have far less dire consequences than the account

information itself. Furthermore, since nearly all ATMs videotape customers engaging in

transactions, it is no broad leap to realize that banks already build an archive of their customer

images, even if they are not necessarily grouped with account information.

7.1 FACIAL RECOGNITION TECHNIQUE:

There are hundreds of proposed and actual implementations of facial recognition technology

from all manner of vendors for all manner of uses. However, for the model proposed in this

paper, we are interested only in the process of facial verification – matching a live image to a

predefined image to verify a claim of identity – not in the process of facial evaluation – matching

a live image to any image in a database. Further, the environmental conditions under which the

verification takes place – the lighting, the imaging system, the image profile, and the processing

environment – would all be controlled within certain narrow limits, making hugely robust

software unnecessary.

One leading facial recognition algorithm class is called image template based. This

method attempts to capture global features of facial images into facial templates. What

must be taken into account, though, are certain key factors that may change across live

images: illumination, expression, and pose (profile).

Fig. 7.1 FACIAL RECOGNITION TECHNIQUE

The natural conclusion to draw, then, is to take a frontal image for the bank database, and to provide a prompt to the user, verbal or otherwise, to face the camera directly when the ATM verification process is to begin, so as to avoid the need to account for profile changes.

With this and other accommodations, recognition rates for verification can rise above 90%. A system can examine just the eyes, or the eyes, nose and mouth, or ears, nose, mouth and eyebrows, and so on.

The conclusion to be drawn for this project, then, is that facial verification software is currently up to the task of providing high match rates for use in ATM transactions. What remains is to find an appropriate open-source local feature analysis facial verification program that can be used on a variety of platforms, including embedded processors, and to determine behavior protocols for the match / non-match cases.

7.2 IRIS RECOGNITION:

In spite of all these security features, a new technology has been developed. Bank United of

Texas became the first in the United States to offer iris recognition technology at automatic teller

machines, providing the customers a cardless, password-free way to get their money out of an

ATM. There's no card to show, there's no fingers to ink, no customer inconvenience or

discomfort. It's just a photograph of a Bank United customer's eyes. Just step up to the camera

while your eye is scanned. The iris -- the colored part of the eye the camera will be checking -- is

unique to every person, more so than fingerprints. And, for the customers who can't remember

their personal identification number or password and scratch it on the back of their cards or

somewhere that a potential thief can find, no more fear of having an account cleaned out if the

card is lost or stolen.

FIG. 7.3 IRIS RECOGNITION

7.3 HOW THE SYSTEM WORKS.

When a customer puts in a bankcard, a stereo camera locates the face, finds the eye and

takes a digital image of the iris at a distance of up to three feet. The resulting

computerized "iris code" is compared with one the customer will initially provide the

bank. The ATM won't work if the two codes don't match. The entire process takes less

than two seconds.
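An added example (not from the original report or from any bank's system) of the comparison step described above. The page does not say how the two iris codes are compared; this sketch assumes the masked fractional Hamming distance commonly used for iris codes, and the code length, threshold, shift range and sample bit strings are all constructed assumptions.

```python
import random

CODE_BITS = 2048        # assumed iris-code length
HD_THRESHOLD = 0.32     # assumed decision threshold on fractional distance
MIN_VALID_BITS = 1024   # assumed minimum of unoccluded bits for a decision
MAX_SHIFT = 8           # assumed search range for head tilt, in bit positions
ALL_BITS = (1 << CODE_BITS) - 1


def rotate(value, shift):
    """Circular left shift of a CODE_BITS-wide integer (negative = right)."""
    shift %= CODE_BITS
    return ((value << shift) | (value >> (CODE_BITS - shift))) & ALL_BITS


def fractional_distance(code_a, mask_a, code_b, mask_b):
    """Share of disagreeing bits among the bits both masks mark usable."""
    usable = mask_a & mask_b
    count = bin(usable).count("1")
    if count < MIN_VALID_BITS:
        return None                      # too little iris visible to decide
    return bin((code_a ^ code_b) & usable).count("1") / count


def compare(enrolled, live):
    """Compare (code, mask) pairs; return (match, best_distance, best_shift)."""
    best = None
    for shift in range(-MAX_SHIFT, MAX_SHIFT + 1):
        d = fractional_distance(enrolled[0], enrolled[1],
                                rotate(live[0], shift), rotate(live[1], shift))
        if d is not None and (best is None or d < best[0]):
            best = (d, shift)
    if best is None:
        return (False, None, None)       # fail closed: no usable comparison
    return (best[0] <= HD_THRESHOLD, best[0], best[1])


def make_samples(seed=7):
    """Constructed test data: random bit strings standing in for iris codes."""
    rng = random.Random(seed)
    code = rng.getrandbits(CODE_BITS)
    enrolled = (code, ALL_BITS)
    noisy = code
    for bit in rng.sample(range(CODE_BITS), 200):     # about 10% capture noise
        noisy ^= 1 << bit
    eyelid = ALL_BITS >> 256                          # top 256 bits occluded
    same_eye = (rotate(noisy, 3), rotate(eyelid, 3))  # head tilted by 3 bits
    other_eye = (rng.getrandbits(CODE_BITS), ALL_BITS)
    mostly_hidden = (noisy, (1 << 100) - 1)           # only 100 usable bits
    return enrolled, same_eye, other_eye, mostly_hidden


if __name__ == "__main__":
    enrolled, same_eye, other_eye, mostly_hidden = make_samples()
    for label, sample in [("same eye", same_eye), ("other eye", other_eye),
                          ("mostly hidden", mostly_hidden)]:
        print(label, compare(enrolled, sample))
```

A capture with too few usable bits is rejected rather than scored, so an occluded or covered eye cannot produce an accidental match.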

The system works equally well with customers wearing glasses or contact lenses and at night.

No special lighting is needed. The camera also does not use any kind of beam. Instead, a special

lens has been developed that will not only blow up the image of the iris, but provide more detail

when it does. Iris scans are much more accurate than other high-tech ID systems available that

scan voices, faces and fingerprints.

FIG. ATM SYSTEM WORKS

compared with about 40 for fingerprints -- and it remains constant through a person's life, unlike

a voice or a face. Fingerprint and hand patterns can be changed through alteration or injury. The

iris is the best part of the eye to use as an identifier because there are no known diseases of the iris

and eye surgery is not performed on the iris. Iris identification is the most secure, robust and

stable form of identification known to man. It is far safer, faster, more secure and accurate than

DNA testing. Even identical twins do not have identical irises. The iris remains the same from

18 months after birth until five minutes after death.

When the system is fully operational, a bank customer will have an iris record made for

comparison when an account is opened. The bank will have the option of identifying either the

left or right eye or both. It requires no intervention by the customer. They will simply get a letter

telling them they no longer have to use the PIN number. And, scam artists beware, a picture of

the card holder won't pass muster. The first thing the camera will check is whether the eye is

pulsating. If we don't see blood flowing through your eye, you're either dead or it's a picture.

8 SOFTWARE SPECIFICATION

For most of the past ten years, the majority of ATMs used worldwide ran under IBM’s

now-defunct OS/2. However, IBM hasn’t issued a major update to the operating system in over six

years. Movement in the banking world is now going in two directions: Windows and Linux.

NCR, a leading world-wide ATM manufacturer, recently announced an agreement to use

Windows XP Embedded in its next generation of personalized ATMs. Windows XP Embedded

allows OEMs to pick and choose from the thousands of components that make up Windows XP

Professional, including integrated multimedia, networking and database management

functionality. This makes the use of off-the-shelf facial recognition code more desirable

because it could easily be compiled for the Windows XP environment and the networking and

database tools will already be in place.

Many financial institutions are relying on Windows NT, because of its stability and maturity as

a platform. The ATMs send database requests to bank servers which do the bulk of transaction

processing (linux.org). This model would also work well for the proposed system if the ATMs’

processors were not powerful enough to quickly perform the facial recognition algorithms.

9 LITERATURE REVIEW

For most of the past ten years, the majority of ATMs used worldwide ran under IBM’s

now-defunct OS/2. However, IBM hasn’t issued a major update to the operating system in over six

years. Movement in the banking world is now going in two directions: Windows and Linux.

NCR, a leading world-wide ATM manufacturer, recently announced an agreement to use

Windows XP Embedded in its next generation of personalized ATMs. Windows XP Embedded

allows OEMs to pick and choose from the thousands of components that make up Windows XP

Professional, including integrated multimedia, networking and database management

functionality. This makes the use of off-the-shelf facial recognition code more desirable because

it could easily be compiled for the Windows XP environment and the networking and database

tools will already be in place. For less powerful ATMs, KAL, a software development company

based in Scotland, provides Kalignite CE, which is a modification of the Windows CE platform.

This allows developers that target older machines to more easily develop complex

user-interaction systems. Many financial institutions are relying on a third choice, Windows NT,

because of its stability and maturity as a platform. On an alternative front, the largest bank in the

south of Brazil, Banrisul, has installed a custom version of Linux in its set of two thousand

ATMs, replacing legacy MS-DOS systems. The ATMs send database requests to bank servers

which do the bulk of transaction processing (linux.org). This model would also work well for the

proposed system if the ATMs’ processors were not powerful enough to quickly perform the facial

recognition algorithms. In terms of the improvement of security standards, MasterCard is

spearheading an effort to heighten the encryption used at ATMs. For the past few decades, many

machines have used the Data Encryption Standard developed by IBM in the mid 1970s that uses

a 56-bit key. DES has been shown to be rather easily cracked, however, given proper computing

hardware. In recent

years, a “Triple DES” scheme has been put forth that uses three such keys, for an effective

168-bit key length. MasterCard now requires new or relocated ATMs to use the Triple DES scheme,

and by April, 2005, both Visa and MasterCard will require that any ATM that supports their

cards must use Triple DES.

ATM manufacturers are now developing newer models that support Triple DES natively;

such redesigns may make them more amenable to also including snapshot cameras and facial

recognition software, more so than they would be in regards to retrofitting pre-existing machines.

There are hundreds of proposed and actual implementations of facial recognition technology

from all manner of vendors for all manner of uses. However, for the model proposed in this

paper, we are interested only in the process of facial verification – matching a live image to a

predefined image to verify a claim of identity – not in the process of facial evaluation – matching

a live image to any image in a database. Further, the environmental conditions under which the

verification takes place – the lighting, the imaging system.

10 METHODOLOGY

The first and most important step of this project will be to locate a powerful open-source facial

recognition program that uses local feature analysis and that is targeted at facial verification.

This program should be compilable on multiple systems, including Linux and Windows variants,

and should be customizable to the extent of allowing for variations in processing power of the

machines onto which it would be deployed.

We will then need to familiarize ourselves with the internal workings of the program so that

we can learn its strengths and limitations. Simple testing of this program will also need to occur

so that we could evaluate its effectiveness. Several sample images will be taken of several

individuals to be used as test cases – one each for “account” images, and several each for “live”

images, each of which would vary pose, lighting conditions, and expressions.

Once a final program is chosen, we will develop a simple ATM black box program. This

program will serve as the theoretical ATM with which the facial recognition software will

interact. It will take in a name and password, and then look in a folder for an image that is

associated with that name. It will then take in an image from a separate folder of “live” images

and use the facial recognition program to generate a match level between the two. Finally it

will use the match level to decide whether or not to allow “access”, at which point it will

terminate. All of this will be necessary, of course, because we will not have access to an actual

ATM or its software.
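An added example (not the authors' program) of the black box described above, combined with the match / non-match handling from Section 7: a correct PIN with a verified face gives full access, a correct PIN without a face match gives a capped transaction and queues the image for review. The correlation matcher stands in for the facial recognition program, and the thresholds, limit, PIN hashing and 4x4 sample images are assumptions constructed for illustration.

```python
import hashlib
import hmac
import math
import os
from dataclasses import dataclass, field

# All thresholds and limits below are assumptions for illustration.
ACCESS_THRESHOLD = 0.90   # match level needed for full access
UPDATE_THRESHOLD = 0.95   # stricter level needed before a live image is kept
MAX_TEMPLATES = 5         # original account image plus up to four live images
LIMITED_CAP = 50          # low withdrawal limit agreed at account opening


def hash_pin(pin, salt):
    # Stand-in for the bank's PIN check; production ATMs verify PINs in an HSM.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def match_level(stored, live):
    """Zero-mean normalized correlation of two grayscale images, in [-1, 1].

    Subtracting the mean and dividing by the norm cancels uniform brightness
    and contrast changes, one of the variations the text calls out.
    """
    a = [p for row in stored for p in row]
    b = [p for row in live for p in row]
    if not a or len(a) != len(b):
        raise ValueError("images must be non-empty and the same size")
    mean_a, mean_b = sum(a) / len(a), sum(b) / len(b)
    da = [p - mean_a for p in a]
    db = [p - mean_b for p in b]
    norm = math.sqrt(sum(x * x for x in da) * sum(y * y for y in db))
    if norm == 0:
        return 0.0  # a flat image (covered lens) carries no information
    return sum(x * y for x, y in zip(da, db)) / norm


@dataclass
class Account:
    salt: bytes
    pin_hash: bytes
    templates: list                       # templates[0] is the account image
    review_queue: list = field(default_factory=list)


def enroll(pin, account_image):
    salt = os.urandom(16)
    return Account(salt, hash_pin(pin, salt), [account_image])


def verify(account, pin, live):
    """Return the access decision for one attempt at the black-box ATM."""
    if not hmac.compare_digest(hash_pin(pin, account.salt), account.pin_hash):
        return {"access": "denied", "limit": 0, "score": None}
    score = max(match_level(t, live) for t in account.templates)
    if score < ACCESS_THRESHOLD:
        # PIN correct, face not verified: cap the transaction, keep the image
        account.review_queue.append(live)
        return {"access": "limited", "limit": LIMITED_CAP, "score": score}
    if score >= UPDATE_THRESHOLD:
        # Broaden the comparison base, but never evict the original image
        account.templates.append(live)
        if len(account.templates) > MAX_TEMPLATES:
            del account.templates[1]
    return {"access": "full", "limit": None, "score": score}


# Constructed 4x4 grayscale samples (not real face data).
ACCOUNT_IMAGE = [[10, 20, 30, 40], [20, 80, 90, 30],
                 [30, 90, 80, 20], [40, 30, 20, 10]]
# Same pattern, 25 levels brighter, with two pixels perturbed.
LIVE_GENUINE = [[35, 45, 55, 65], [45, 100, 115, 55],
                [55, 115, 110, 45], [65, 55, 45, 35]]
LIVE_OTHER = [[90, 80, 20, 10], [80, 30, 20, 10],
              [20, 20, 30, 80], [10, 10, 80, 90]]

if __name__ == "__main__":
    acct = enroll("4921", ACCOUNT_IMAGE)
    for label, pin, img in [("genuine", "4921", LIVE_GENUINE),
                            ("other face", "4921", LIVE_OTHER),
                            ("wrong PIN", "0000", LIVE_GENUINE)]:
        print(label, verify(acct, pin, img))
```

The separate, stricter `UPDATE_THRESHOLD` is an addition to the report's scheme: storing every accepted live image would let a borderline false accept become part of the comparison base for later attempts.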

Both pieces of software will be compiled and run on a Windows XP and a Linux system. Once

they are both functioning properly, they will be tweaked as much as possible to increase

performance (decreasing the time spent matching) and to decrease memory footprint.

Following that, the black boxes will be broken into two components – a server and a client – to

be used in a two-machine network. The client code will act as a user interface, passing all input

data to the server code, which will handle the calls to the facial recognition software, further

reducing the memory footprint and processor load required on the client end. In this sense, the

thin client architecture of many ATMs will be emulated.

We will then investigate the process of using the black box program to control a USB camera

attached to the computer to avoid the use of the folder of “live” images. Lastly, it may be

possible to add some sort of DES encryption to the client end to encrypt the input data and

decrypt the output data from the server – knowing that this will increase the processor load, but

better allowing us to gauge the time it takes to process.

11. AUTOMATED TELLER MACHINE

An automated teller machine or automatic teller machine (ATM) (American, Australian, Singaporean, Indian,

and Hiberno-English), also known as an automated banking machine (ABM) (Canadian

English), cash machine, cashpoint, cashline or hole in the wall (British, South African, and Sri

Lankan English), is an electronic telecommunications device that enables the clients of

a financial institution to perform financial transactions without the need for a cashier, human

clerk or bank teller. On most modern ATMs, the customer is identified by inserting a

plastic ATM card with a magnetic stripe or a plastic smart card with a chip that contains a unique

card number and some security information such as an expiration date or CVVC (CVV).

Authentication is provided by the customer entering a personal identification number (PIN). The

newest ATM at Royal Bank of Scotland allows customers to withdraw cash up to £100 without a

card by inputting a six-digit code requested through their smartphones.

FIG. 11.1 AN NCR PERSONAS 75-SERIES INTERIOR, MULTI-FUNCTION ATM IN THE UNITED STATES

Using an ATM, customers can access their bank accounts in order to make cash withdrawals,

get debit card cash advances, and check their account balances as well as purchase pre-paid

mobile phone credit. If the currency being withdrawn from the ATM is different from that which

the bank account is denominated in (e.g.: Withdrawing Japanese yen from a bank account

containing US dollars), the money will be converted at an official wholesale exchange rate.

Thus, ATMs often provide one of the best possible official exchange rates for foreign travellers,

and are also widely used for this purpose.

11.1 Etymology

Just like the word 'account' can be traced back to 'count' or 'counting', the word 'teller' can be

traced back to counting as well. The Roman word 'count' (French compter, Italian contare,

Spanish contar, and that also resurfaces in the word compute) has its Germanic counterpart

in tellen (Dutch) and zählen (German). Linked to this word is also the verb 'to pay', which in

Dutch is 'betalen', and in German 'bezahlen'. The word 'teller' therefore refers to both 'someone

(something) counting' and 'someone (something) paying out'.

The same pair of 'count' and 'tell' are seen in English with 'recounting a story' or 'telling a story'

having the same meaning, albeit with a different coloration. To recount (count again) is

'her-tellen' in Dutch and 'erzählen' in German.

11.2 History

The idea of self-service in retail banking developed through independent and simultaneous

efforts in Japan, Sweden, the United Kingdom and the United States. In the US patent

record, Luther George Simjian has been credited with developing a "prior art device".

Specifically his 132nd patent (US3079603) was first filed on 30 June 1960 (and granted 26

February 1963). The roll-out of this machine, called Bankograph, was delayed by a couple of

years, due in part to Simjian's Reflectone Electronics Inc. being acquired by Universal Match

Corporation. An experimental Bankograph was installed in New York City in 1961 by the City

Bank of New York, but removed after six months due to the lack of customer acceptance. The

Bankograph was an automated envelope deposit machine (accepting coins, cash and cheques)

and did not have cash dispensing features. In simultaneous and independent efforts, engineers in

Japan, Sweden, and Britain developed their own cash machines during the early 1960s. The first

of these that was put into use was by Barclays Bank in Enfield Town in North London, United

Kingdom, on 27 June 1967. This machine was the first in the UK and was used by English

comedy actor Reg Varney, at the time so as to ensure maximum publicity for the machines that

were to become mainstream in the UK. This instance of the invention has been wrongly credited

to John Shepherd-Barron of printing firm De La Rue, who was awarded an OBE in the 2005

New Year Honours. This design used paper cheques issued by a teller, marked with

carbon-14 for machine readability and security, that were matched with a personal identification

number.

FIG.11.1 AN OLD NIXDORF ATM

The Barclays-De La Rue machine (called De La Rue Automatic Cash System or DACS)[14] beat

the Swedish saving banks' and a company called Metior's machine (a device called Bankomat)

by a mere nine days and Westminster Bank’s-Smith Industries-Chubb system (called Chubb

MD2) by a month. The collaboration of a small start-up called Speytec and Midland

Bank developed a third machine which was marketed after 1969 in Europe and the USA by

the Burroughs Corporation. The patent for this device (GB1329964) was filed on September

1969 (and granted in 1973) by John David Edwards, Leonard Perkins, John Henry Donald, Peter

Lee Chappell, Sean Benjamin Newcombe & Malcom David Roe.

Both the DACS and MD2 accepted only a single-use token or voucher which was retained by the

machine while the Speytec worked with a card with a magnetic strip at the back. They used

principles including Carbon-14 and low-coercivity magnetism in order to make fraud more

difficult. The idea of a PIN stored on the card was developed by a British engineer working on

the MD2 named James Goodfellow in 1965 (patent GB1197183 filed on 2 May 1966 with

Anthony Davies). The essence of this system was that it enabled the verification of the customer

with the debited account without human intervention. This patent is also the earliest instance of a

complete “currency dispenser system” in the patent record. This patent was filed on 5 March

1968 in the USA (US 3543904) and granted on 1 December 1970. It had a profound influence on

the industry as a whole. Not only did future entrants into the cash dispenser market such as NCR

Corporation and IBM licence Goodfellow’s PIN system, but a number of later patents reference

this patent as “Prior Art Device”.

FIG 11.2 1969 ABC NEWS REPORT ON THE INTRODUCTION OF ATMS IN SYDNEY, AUSTRALIA. PEOPLE COULD ONLY RECEIVE $25 AT A TIME AND THE BANK CARD WAS SENT BACK TO THE USER AT A LATER DATE.

11.2 Hardware

FIG 11.3 A BLOCK DIAGRAM OF AN ATM

An ATM is typically made up of the following devices:

CPU (to control the user interface and transaction devices)

Magnetic or chip card reader (to identify the customer)

PIN pad EEP4 (similar in layout to a touch tone or calculator keypad), manufactured as part of a secure enclosure

Secure cryptoprocessor, generally within a secure enclosure

Display (used by the customer for performing the transaction)

Function key buttons (usually close to the display) or a touchscreen (used to select the various aspects of the transaction)

Record printer (to provide the customer with a record of the transaction)

Vault (to store the parts of the machinery requiring restricted access)

Housing (for aesthetics and to attach signage to)

Sensors and indicators

Due to heavier computing demands and the falling price of personal computer-like architectures, ATMs have moved away from custom hardware architectures using microcontrollers or application-specific integrated circuits and have adopted the hardware architecture of a personal computer, such as USB connections for peripherals and Ethernet and IP communications, and use personal computer operating systems. Although it is undoubtedly cheaper to use commercial off-the-shelf hardware, it does make ATMs potentially vulnerable to the same sort of problems exhibited by conventional personal computers. Business owners often lease ATM terminals from ATM service providers; however, based on economies of scale, the price of equipment has dropped to the point where many business owners are simply paying for ATMs using a credit card. New ADA voice and text-to-speech guidelines, imposed in 2010 but required by March 2012, have forced many ATM owners to either upgrade non-compliant machines or dispose of them if they are not upgradable, and purchase new compliant equipment. This has created an avenue for hackers and thieves to obtain ATM hardware at junkyards from improperly disposed decommissioned ATMs.

The vault of an ATM is within the footprint of the device itself and is where items of value are kept. Scrip cash dispensers do not incorporate a vault.

Mechanisms found inside the vault may include:

Dispensing mechanism (to provide cash or other items of value)

Deposit mechanism including a check processing module and bulk note acceptor (to allow the customer to make deposits)

Security sensors (magnetic, thermal, seismic, gas)

Locks (to ensure controlled access to the contents of the vault)

Journaling systems; many are electronic (a sealed flash memory device based on in-house standards) or a solid-state device (an actual printer) which accrues all records of activity, including access timestamps, number of notes dispensed, etc. This is considered sensitive data and is secured in similar fashion to the cash as it is a similar liability.

Fig. 11.4 Two Loomis employees refilling an ATM at the Downtown Seattle REI

ATM vaults are supplied by manufacturers in several grades. Factors influencing vault grade selection include cost, weight, regulatory requirements, ATM type, operator risk avoidance practices and internal volume requirements. Industry standard vault configurations include Underwriters Laboratories UL-291 "Business Hours" and Level 1 Safes, RAL TL-30 derivatives, and CEN EN 1143-1 - CEN III and CEN IV.

ATM manufacturers recommend that an ATM vault be attached to the floor to prevent theft, though there is a record of a theft conducted by tunnelling into an ATM floor.

11.3 Software

With the migration to commodity Personal Computer hardware, standard commercial "off-the-shelf" operating systems and programming environments can be used inside of ATMs. Typical platforms previously used in ATM development include RMX or OS/2.

Today the vast majority of ATMs worldwide use a Microsoft Windows operating system, primarily Windows XP Professional or Windows XP Embedded. A small number of deployments may still be running older versions of Windows OS such as Windows NT, Windows CE, or Windows 2000.

FIG 11.5 A WINCOR NIXDORF ATM RUNNING WINDOWS 2000.

There is a computer industry security view that general public desktop operating systems have greater risks as operating systems for cash dispensing machines than other types of operating systems like (secure) real-time operating systems (RTOS). RISKS Digest has many articles about cash machine operating system vulnerabilities. Linux is also finding some reception in the ATM marketplace. An example of this is Banrisul, the largest bank in the south of Brazil, which has replaced the MS-DOS operating systems in its ATMs with Linux. Banco do Brasil is also migrating ATMs to Linux. India-based Vortex Engineering is manufacturing ATMs which operate only with Linux.

Common application layer transaction protocols, such as Diebold 91x (911 or 912) and NCR NDC or NDC+, provide emulation of older generations of hardware on newer platforms with incremental extensions made over time to address new capabilities, although companies like NCR continuously improve these protocols, issuing newer versions (e.g. NCR's AANDC v3.x.y, where x.y are subversions). Most major ATM manufacturers provide software packages that implement these protocols. Newer protocols such as IFX have yet to find wide acceptance by transaction processors.

With the move to a more standardised software base, financial institutions have been increasingly interested in the ability to pick and choose the application programs that drive their equipment. WOSA/XFS, now known as CEN XFS (or simply XFS), provides a common API for accessing and manipulating the various devices of an ATM. J/XFS is a Java implementation of the CEN XFS API.

While the perceived benefit of XFS is similar to Java's "Write once, run anywhere" mantra, different ATM hardware vendors often have different interpretations of the XFS standard. As a result of these differences in interpretation, ATM applications typically use middleware to even out the differences between various platforms.

With the onset of Windows operating systems and XFS on ATMs, the software applications have the ability to become more intelligent. This has created a new breed of ATM applications commonly referred to as programmable applications. These types of applications allow for an entirely new host of applications in which the ATM terminal can do more than only communicate with the ATM switch. It is now empowered to connect to other content servers and video banking systems. Notable ATM software that operates on XFS platforms includes Triton PRISM, Diebold Agilis EmPower, NCR APTRA Edge, Absolute Systems AbsoluteINTERACT, KAL Kalignite Software Platform, Phoenix Interactive VISTAatm, Wincor Nixdorf ProTopas and Euronet EFTS.

With the move of ATMs to industry-standard computing environments, concern has risen about the integrity of the ATM's software stack.

11.6 Security

Security, as it relates to ATMs, has several dimensions. ATMs also provide a practical demonstration of a number of security systems and concepts operating together and how various security concerns are dealt with.

Physical

FIG.11.6 A WINCOR NIXDORF PROCASH 2100XE FRONTLOAD THAT WAS OPENED WITH AN ANGLE GRINDER

Early ATM security focused on making the ATMs invulnerable to physical attack; they were effectively safes with dispenser mechanisms. A number of attacks on ATMs resulted, with thieves attempting to steal entire ATMs by ram-raiding. Since the late 1990s, criminal groups operating in Japan improved ram-raiding by stealing and using a truck loaded with heavy construction machinery to effectively demolish or uproot an entire ATM and any housing to steal its cash.

Another attack method, plofkraak, is to seal all openings of the ATM with silicone and fill the vault with a combustible gas or to place an explosive inside, attached, or near the ATM. This gas or explosive is ignited and the vault is opened or distorted by the force of the resulting explosion, and the criminals can break in. This type of theft has occurred in the Netherlands, Belgium, France, Denmark, Germany and Australia. This type of attack can be prevented by a number of gas explosion prevention devices, also known as gas suppression systems. These systems use an explosive gas detection sensor to detect explosive gas and neutralise it by releasing a special explosion suppression chemical which changes the composition of the explosive gas and renders it ineffective.

Several attacks in the UK (at least one of which was successful) have emulated the traditional WW2 escape from POW camps by digging a concealed tunnel under the ATM and cutting through the reinforced base to remove the money.

Modern ATM physical security, like other modern money-handling security, concentrates on denying the use of the money inside the machine to a thief, by using different types of Intelligent Banknote Neutralisation Systems.

A common method is to simply rob the staff filling the machine with money. To avoid this, the schedule for filling them is kept secret, varying and random. The money is often kept in cassettes, which will dye the money if incorrectly opened.

Transactional secrecy and integrity

FIG 11.7 A TRITON BRAND ATM WITH A DIP STYLE CARD READER AND A TRIPLE DES KEYPAD

The security of ATM transactions relies mostly on the integrity of the secure cryptoprocessor: the ATM often uses general commodity components that sometimes are not considered to be "trusted systems".

Encryption of personal information, required by law in many jurisdictions, is used to prevent fraud. Sensitive data in ATM transactions are usually encrypted with DES, but transaction processors now usually require the use of Triple DES.[50] Remote Key Loading techniques may be used to ensure the secrecy of the initialisation of the encryption keys in the ATM. Message Authentication Code (MAC) or Partial MAC may also be used to ensure messages have not been tampered with while in transit between the ATM and the financial network. In some countries a system has been developed in which, if a thief forces the ATM card holder to withdraw cash, the card holder can enter the card password in reverse, from the last digit to the first, and an alarm will sound in the nearest police station.
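The MAC check mentioned above can be illustrated with the following added example, which is not code from the report or from any ATM vendor. It assumes that "partial MAC" means a MAC computed over a selected subset of message fields, uses HMAC-SHA256 as a stand-in for the DES-based MAC of real ATM protocols, and the key, field names and message values are constructed.

```python
import hashlib
import hmac

# Constructed demo key. In an ATM the MAC key is held by the secure cryptoprocessor.
MAC_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

# Hypothetical field layout for a withdrawal request (not a real NDC or 91x message).
ALL_FIELDS = ("terminal_id", "sequence", "pan", "amount", "currency")
# Assumed "partial MAC" selection: only these fields are authenticated.
PARTIAL_FIELDS = ("terminal_id", "sequence", "pan")


def encode_fields(message, fields):
    """Serialise the selected fields with length prefixes so that field
    boundaries cannot be shifted without changing the encoded bytes."""
    out = bytearray()
    for name in fields:
        key = name.encode("ascii")
        value = str(message[name]).encode("utf-8")
        out += len(key).to_bytes(2, "big") + key
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def compute_mac(key, message, fields):
    """HMAC-SHA256 over the selected fields (stand-in for the DES-based MAC)."""
    return hmac.new(key, encode_fields(message, fields), hashlib.sha256).hexdigest()


def verify_mac(key, message, fields, tag):
    """Recompute the MAC on the receiving side and compare in constant time."""
    return hmac.compare_digest(compute_mac(key, message, fields), tag)


def demo():
    # Constructed sample message; the PAN is a made-up test value.
    request = {"terminal_id": "ATM00042", "sequence": 1187,
               "pan": "4000000000000002", "amount": "2000", "currency": "INR"}
    full_tag = compute_mac(MAC_KEY, request, ALL_FIELDS)
    partial_tag = compute_mac(MAC_KEY, request, PARTIAL_FIELDS)

    amount_changed = dict(request, amount="90000")  # altered in transit
    pan_changed = dict(request, pan="4000000000000010")

    return {
        "untouched_full": verify_mac(MAC_KEY, request, ALL_FIELDS, full_tag),
        "amount_changed_full": verify_mac(MAC_KEY, amount_changed, ALL_FIELDS, full_tag),
        # The amount is outside the partial selection, so this change is accepted.
        "amount_changed_partial": verify_mac(MAC_KEY, amount_changed, PARTIAL_FIELDS, partial_tag),
        "pan_changed_partial": verify_mac(MAC_KEY, pan_changed, PARTIAL_FIELDS, partial_tag),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

A partial MAC protects only the fields it covers, so the field selection has to include every value whose alteration would matter to the transaction.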

Customer identity integrity

FIG 11.8 A BTMU ATM WITH A PALM SCANNER (TO THE RIGHT OF THE SCREEN)

There have also been a number of incidents of fraud by man-in-the-middle attacks, where criminals have attached fake keypads or card readers to existing machines. These have then been used to record customers' PINs and bank card information in order to gain unauthorised access to their accounts. Various ATM manufacturers have put in place countermeasures to protect the equipment they manufacture from these threats.[51][52]

Alternative methods to verify cardholder identities have been tested and deployed in some countries, such as finger and palm vein patterns,[53] iris, and facial recognition technologies. Cheaper mass-produced equipment has been developed and is being installed in machines globally that detects the presence of foreign objects on the front of ATMs; current tests have shown 99% detection success for all types of skimming devices.[54]

Device operation integrity

FIG 11.9 ATMS THAT ARE EXPOSED TO THE OUTSIDE MUST BE VANDAL AND WEATHER RESISTANT

Openings on the customer side of ATMs are often covered by mechanical shutters to prevent tampering with the mechanisms when they are not in use. Alarm sensors are placed inside the ATM and in ATM servicing areas to alert their operators when doors have been opened by unauthorised personnel.

Rules are usually set by the government or ATM operating body that dictate what happens when integrity systems fail. Depending on the jurisdiction, a bank may or may not be liable when an attempt is made to dispense a customer's money from an ATM and the money either gets outside of the ATM's vault, or is exposed in a non-secure fashion, or the bank is unable to determine the state of the money after a failed transaction. Customers often commented that it is difficult to recover money lost in this way, but this is often complicated by the policies regarding suspicious activities typical of the criminal element.

Customer security

FIG 11.9 DUNBAR ARMORED ATM TECHS WATCHING OVER ATMS THAT HAVE BEEN INSTALLED IN A VAN

In some countries, multiple security cameras and security guards are a common feature.[57] In the United States, the New York State Comptroller's Office has advised the New York State Department of Banking to have more thorough safety inspections of ATMs in high crime areas. Consultants of ATM operators assert that the issue of customer security should have more focus by the banking industry; it has been suggested that efforts are now more concentrated on the preventive measure of deterrent legislation than on the problem of ongoing forced withdrawals. At least as far back as July 30, 1986, consultants of the industry have advised the adoption of an emergency PIN system for ATMs, where the user is able to send a silent alarm in response to a threat. Legislative efforts to require an emergency PIN system have appeared in Illinois, Kansas and Georgia, but none have succeeded yet. In January 2009, Senate Bill 1355 was proposed in the Illinois Senate that revisits the issue of the reverse emergency PIN system. The bill is again supported by the police and opposed by the banking lobby.
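The reverse emergency PIN idea discussed above has an edge case that the following added example makes concrete; it is not code from the report or from any deployed system. It assumes 4-digit PINs and uses a salted PBKDF2 hash as a stand-in for the issuer's PIN verification, and the sample PIN is constructed.

```python
import hashlib
import hmac
import os

PIN_LENGTH = 4  # assumed PIN length; the page does not state one


def _valid_format(pin):
    return pin.isascii() and pin.isdigit() and len(pin) == PIN_LENGTH


def _hash_pin(pin, salt):
    # Stand-in for the issuer's PIN verification, which in practice is done inside an HSM.
    return hashlib.pbkdf2_hmac("sha256", pin.encode("ascii"), salt, 100_000)


def is_ambiguous(pin):
    """A PIN that reads the same in both directions has no distinct reverse."""
    return pin == pin[::-1]


def enroll(pin):
    """Return (salt, hash) for a new PIN, refusing PINs that cannot signal duress."""
    if not _valid_format(pin):
        raise ValueError("PIN must be exactly %d digits" % PIN_LENGTH)
    if is_ambiguous(pin):
        raise ValueError("palindromic PIN cannot carry a reverse-PIN alarm")
    salt = os.urandom(16)
    return salt, _hash_pin(pin, salt)


def classify_entry(entered, salt, stored_hash):
    """Return 'normal', 'duress' or 'reject' for a keyed-in PIN.

    On 'duress' the caller is expected to behave exactly as on 'normal'
    towards the customer and raise the alarm out of band."""
    if not _valid_format(entered):
        return "reject"
    # Evaluate both comparisons every time so the two accepted cases cost the same.
    normal = hmac.compare_digest(_hash_pin(entered, salt), stored_hash)
    duress = hmac.compare_digest(_hash_pin(entered[::-1], salt), stored_hash)
    if normal:
        return "normal"
    if duress:
        return "duress"
    return "reject"


def count_ambiguous_pins(length=PIN_LENGTH):
    """Number of PINs of the given length that are their own reverse."""
    return sum(1 for n in range(10 ** length) if is_ambiguous(str(n).zfill(length)))


if __name__ == "__main__":
    salt, stored = enroll("4826")  # constructed sample PIN
    for attempt in ("4826", "6284", "1111"):
        print(attempt, classify_entry(attempt, salt, stored))
    print("ambiguous 4-digit PINs:", count_ambiguous_pins())
```

A mistyped PIN that happens to equal the reverse of the real one is also classified as duress, which is one source of false alarms for this scheme.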

In 1998 three towns outside Cleveland, Ohio, in response to an ATM crime wave, adopted ATM Consumer Security Legislation requiring that an emergency telephone number switch be installed at all outside ATMs within their jurisdiction. In the wake of an ATM murder in Sharon Hill, Pennsylvania, the City Council of Sharon Hill passed an ATM Consumer Security Bill as well. As of July 2009, ATM Consumer Security Legislation is currently pending in New York, New Jersey, and Washington D.C.

In China and elsewhere, many efforts to promote security have been made. On-premises ATMs are often located inside the bank's lobby, which may be accessible 24 hours a day. These lobbies have extensive security camera coverage, a courtesy telephone for consulting with the bank staff, and a security guard on the premises. Bank lobbies that are not guarded 24 hours a day may also have secure doors that can only be opened from outside by swiping the bank card against a wall-mounted scanner, allowing the bank to identify which card enters the building. Most ATMs will also display on-screen safety warnings and may also be fitted with convex mirrors above the display, allowing the user to see what is happening behind them.

As of 2013, the only claim available about the extent of ATM-connected homicides is that they range from 500 to 1000 nationwide, covering only cases where the victim had an ATM card and the card was used by the killer after the known time of death.

Alternative uses

FIG 11.10 TWO NCR PERSONAS 84 ATMS AT A BANK IN JERSEY DISPENSING TWO TYPES OF POUND STERLING BANKNOTES: BANK OF ENGLAND NOTES ON THE LEFT, AND STATES OF JERSEY NOTES ON THE RIGHT

Although ATMs were originally developed as just cash dispensers, they have evolved to include many other bank-related functions. In some countries, especially those which benefit from a fully integrated cross-bank ATM network (e.g. Multibanco in Portugal), ATMs include many functions which are not directly related to the management of one's own bank account, such as:

Deposit currency recognition, acceptance, and recycling[68][69]

Paying routine bills, fees, and taxes (utilities, phone bills, social security, legal fees, taxes, etc.)

Printing bank statements

Updating passbooks

Loading monetary value into stored value cards

Adding pre-paid cell phone / mobile phone credit.

Purchasing:

  Postage stamps

  Lottery tickets

  Train tickets

  Concert tickets

  Movie tickets

  Shopping mall gift certificates

  Gold[70]

Games and promotional features[71]

Cash advances

CRM at the ATM

Donating to charities[72]

Cheque Processing Module

Paying (in full or partially) the credit balance on a card linked to a specific current account.

Transferring money between linked accounts (such as transferring between checking and savings accounts)

Increasingly, banks are seeking to use the ATM as a sales device to deliver pre-approved loans and targeted advertising using products such as ITM (the Intelligent Teller Machine) from Aptra Relate from NCR. ATMs can also act as an advertising channel for companies to advertise their own products or third-party products and services.

In Canada, ATMs are called guichets automatiques in French and sometimes "Bank Machines" in English. The Interac shared cash network does not allow for the selling of goods from ATMs due to specific security requirements for PIN entry when buying goods. CIBC machines in Canada are able to top up the minutes on certain pay-as-you-go phones.

FIG 11.11 A SOUTH KOREAN ATM WITH MOBILE BANK PORT AND BAR CODE READER

Manufacturers have demonstrated and have deployed several different technologies on ATMs that have not yet reached worldwide acceptance, such as:

Videoconferencing with human tellers, known as video tellers

Biometrics, where authorisation of transactions is based on the scanning of a customer's fingerprint, iris, face, etc.

Cheque/Cash Acceptance, where the ATM accepts and recognises cheques and/or currency without using envelopes. Expected to grow in importance in the US through Check 21 legislation.

Bar code scanning

On-demand printing of "items of value" (such as movie tickets, traveler's cheques, etc.)

Dispensing additional media (such as phone cards)

Co-ordination of ATMs with mobile phones

Customer-specific advertising

Integration with non-banking equipment

12. CONCLUSION

We thus develop an ATM model that is more reliable in providing security by using facial recognition software. By keeping the time elapsed in the verification process to a negligible amount, we also try to maintain the efficiency of this ATM system to a greater degree. One could argue that having the image compromised by a third party would have far less dire consequences than the account information itself. Furthermore, since nearly all ATMs videotape customers engaging in transactions, it is no broad leap to realize that banks already build an archive of their customer images, even if they are not necessarily grouped with account information.
