13-10-2017, 02:54 PM
An ATM, also known in the United States of America as ATM (American, British, Australian, Malaysian, South African, Singaporean, Indian, Maldivian, Hiberno, Filipino and Sri Lankan English), Automatic Banking Machine (Canadian English), cash point, cashline, minibank, cash machine, tyme machine, cash dispenser, bankomat or bancomat, is an electronic telecommunication device that allows the clients of a financial institution to carry out financial transactions, in particular withdrawal of cash, without the need of a cashier, employee or bank teller.
According to the ATM Industry Association (ATMIA) there are now about 3.5 million ATMs installed worldwide. In most modern ATMs, the customer is identified by the insertion of a plastic ATM card with a magnetic stripe or a plastic smart card with a chip containing a unique card number and certain security information, such as expiration date or CVVC (CVV). Authentication is provided by the customer by entering a personal identification number (PIN) that must match the PIN stored on the card chip (if the card is equipped) or in the database of the issuing financial institution.
By using an ATM, customers can access their deposit or credit bank accounts to perform a variety of transactions, such as withdrawing cash, checking balances, or adding credit to cell phones. If the currency withdrawn from the ATM is different from the one in which the bank account is denominated, the money will be converted at an official exchange rate. Therefore, ATMs usually provide the best possible exchange rates for foreign travelers, and are widely used for this purpose.
Security measures for ATMs
PIN Validation Schemes for Local Transactions
• Online PIN validation
Online PIN validation occurs if the terminal in question is connected to the central database. The PIN provided by the customer is always compared to the reference PIN held by the financial institution. However, one disadvantage is that any malfunction of the network makes the ATM unusable until it is fixed.
• Offline PIN validation
In offline PIN validation, the ATM is not connected to the central database. A condition for offline PIN validation is that the ATM must be able to compare the PIN entered by the customer with the reference PIN. The terminal must be able to perform cryptographic operations and must have the required encryption keys at its disposal. The offline validation scheme is extremely slow and inefficient. Offline PIN validation is now obsolete, as ATMs are connected to the central server on protected wireless networks.
• PIN validation for exchange transactions
There are three PIN procedures for the operation of a high-security exchange transaction. The supplied PIN is encrypted at the input terminal; a secret cryptographic key is used during this step. Together with the other transaction elements, the encrypted PIN is transmitted to the acquirer's system. The encrypted PIN is then routed from the acquirer's system to a hardware security module. Inside it, the PIN is decrypted. With a cryptographic key used for the exchange, the decrypted key is immediately re-encrypted and routed to the system of the sender through the normal communication channels. Finally, the routed PIN is decrypted in the security module of the sender and then validated based on the techniques for validating the local online PIN.
• Shared ATMs
Different transaction methods are used at shared ATMs with respect to PIN encryption and the authentication of messages between them; one such method is called "zone encryption". In this method, a trusted authority is appointed to operate on behalf of a group of banks so that they can exchange messages for automatic payment approvals.
• Hardware security module
For successful communication between banks and ATMs, a cryptographic module, generally called a security module, is a critical component for maintaining appropriate connections between banks and machines. The security module is designed to be tamper resistant. It performs a plethora of functions, including PIN verification, exchange PIN translation, key management and message authentication. The use of the PIN in the exchanges causes security problems, since the PIN can be translated by the security module to the format used for the exchange. In addition, the security module has to generate, protect and maintain all the keys associated with the user's network.
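The exchange-transaction flow and the security module's PIN translation described above, as an added example that is not part of the original post. The keys, the card number and the function names are constructed, the ISO 9564 format 0 PIN block is an assumption (the post names no format), and the HMAC-based Feistel cipher is a stand-in for the block cipher a real security module would use.

```python
import hashlib
import hmac

TERMINAL_KEY = b"constructed-terminal-key"  # shared by ATM and acquirer module
ZONE_KEY = b"constructed-zone-key"          # shared by acquirer and issuer modules
PAN = "4000001234567899"                    # constructed card number

def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    # Stand-in 8-byte block cipher (4-round Feistel), not a production cipher.
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
    return left + right

def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in reversed(range(4)):
        left, right = bytes(a ^ b for a, b in zip(right, _round(key, i, left))), left
    return left + right

def pin_block(pin: str, pan: str) -> bytes:
    # ISO 9564 format 0: (0 | length | PIN | F padding) XOR (0000 | 12 PAN digits)
    pin_field = bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))
    pan_field = bytes.fromhex("0000" + pan[-13:-1])
    return bytes(a ^ b for a, b in zip(pin_field, pan_field))

def pin_from_block(block: bytes, pan: str) -> str:
    pan_field = bytes.fromhex("0000" + pan[-13:-1])
    clear = bytes(a ^ b for a, b in zip(block, pan_field)).hex()
    return clear[2:2 + int(clear[1], 16)]

def hsm_translate(enc_block: bytes, key_in: bytes, key_out: bytes) -> bytes:
    # The clear PIN block exists only inside this call (the security module).
    return encrypt_block(key_out, decrypt_block(key_in, enc_block))

def issuer_verify(enc_block: bytes, zone_key: bytes, pan: str, reference_pin: str) -> bool:
    entered = pin_from_block(decrypt_block(zone_key, enc_block), pan)
    return hmac.compare_digest(entered, reference_pin)

def run_exchange(pin: str) -> bool:
    at_terminal = encrypt_block(TERMINAL_KEY, pin_block(pin, PAN))
    on_interchange = hsm_translate(at_terminal, TERMINAL_KEY, ZONE_KEY)
    return issuer_verify(on_interchange, ZONE_KEY, PAN, reference_pin="4821")
```

Outside `hsm_translate` and `issuer_verify` the PIN only ever appears encrypted, which is why the translation step has to run inside a tamper-resistant module.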
• Authentication and Data Integrity
The personal verification process begins with the provision of personal verification information by the user. This information includes a PIN and the information provided by the customer that is recorded in the bank account. Where a cryptographic key is stored on the bank card, it is called a personal key (PK). Personal identification can be carried out using the authentication parameter (AP), which can function in two ways. The first option is where an AP is invariant over time. The second option is where an AP is time-variant. There is the case where there is an IP that is based on both the time-variant information and the transaction request message. Where an AP is used as a message authentication code (MAC), message authentication serves to find obsolete or false messages that could be routed into the communication path, and to detect modified messages that are fraudulent and that can pass through unsafe communication systems. In such cases, the AP has two purposes.
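The difference between a time-invariant and a time-variant AP used as a MAC, as an added example that is not part of the original post. The key, the message text, the counter scheme and all names are constructed, and HMAC-SHA256 is an assumption standing in for whatever MAC algorithm the network uses.

```python
import hashlib
import hmac

MAC_KEY = b"constructed-mac-key"  # constructed; assumed shared by terminal and host
BODY = "withdraw 100 from constructed-account"

def make_tag(key: bytes, body: str, counter=None) -> str:
    # counter=None models a time-invariant AP; an int makes it time-variant.
    data = body if counter is None else f"{counter}|{body}"
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()

def build_request(key: bytes, body: str, counter=None) -> dict:
    return {"counter": counter, "body": body, "mac": make_tag(key, body, counter)}

class Host:
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def check(self, msg: dict) -> str:
        expected = make_tag(self.key, msg["body"], msg["counter"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "rejected: modified or false"
        if msg["counter"] is not None:
            if msg["counter"] <= self.last_counter:
                return "rejected: obsolete"
            self.last_counter = msg["counter"]
        return "accepted"

def demo_time_variant() -> list:
    host = Host(MAC_KEY)
    first = build_request(MAC_KEY, BODY, counter=1)
    tampered = dict(build_request(MAC_KEY, BODY, counter=2),
                    body="withdraw 900 from constructed-account")
    # original message, the same message replayed, then a modified message
    return [host.check(first), host.check(first), host.check(tampered)]

def demo_time_invariant() -> list:
    host = Host(MAC_KEY)
    msg = build_request(MAC_KEY, BODY)
    return [host.check(msg), host.check(msg)]  # the replay is not detected
```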
Security
Security breaches in electronic funds transfer systems can be done without delimiting their components. Electronic funds transfer systems have three components: communication links, computers and terminals (ATMs). First, communication links are prone to attack. The data may be exposed by passive means or by direct means in which a device is inserted to retrieve the data. The second component is computer security. There are different techniques that can be used to gain access to a computer, such as accessing it through a remote terminal or other peripheral devices such as the card reader. Once the hacker has obtained unauthorized access to the system, the programs or data can be manipulated and altered by the hacker. Terminal security is an important component in cases where encryption keys reside in terminals. In the absence of physical security, an abuser may seek a key that replaces its value.