Atm Security

Only available on StudyMode
  • Download(s) : 79
  • Published : April 3, 2009
Open Document
Text Preview
ATM Security in Africa

• The ATM has brought an interesting new dimension to the lifestyle of the African, enabling self service • However, the diffusion is still low in Africa
• Nigeria fastest growing globally: from 26 ATMs in 2003 to about 7,000 ATMs by December, 2008 • Ghana making appreciable stride with the entrance of Nigerian banks • South Africa and Egypt leading in installed base

Generally, ATMs

• Brings convenience, speed and control to customers
• Extended service hours, new revenue, lower cost to banks • No need to carry idle cash

ATMs in Africa
• Self Service
• Mostly cash dispensing
• Bill payment
• Funds Transfer
• Air time vending
• Currency exchange
• Cash & Cheque Deposit
• Account enquiry
• Statement printing
• PIN change

• Drive Through ATMs
• Electronic Branches
• Mobile ATMs

Despite these benefits, with deployment come security issues. Security Issues
• Part of the bigger electronic financial crime
• Most of the issues affecting ATM security in Africa have to do with card fraud and security breaches • Can be viewed from 2 dimensions
† Direct physical on ATM or
† Customer Card fraud
Direct Physical Attack
• Customer mugging
• Card theft from mail boxes
• Ram raiding using heavy truck and construction equipment • Blowing up ATM using combustible gas or explosives

South Africa: Reported Cases
• 2008: Over 500
• 2007 figure: 500
• 2006: 56
• 2003/2004 combined: 26
• Pretoria News page 5, Oct 4, 2008: police arrested 400 suspects, ironically representing 1 suspect per incident.

Nigeria: July 21, 2008
• Bank owned NCR ATM located in an eatery
• ATM Vandalised
• No access to cash of N977,500 (approx $8,500)

Card Fraud
• Card Theft
• Theft from mailboxes
• Card trapping using fake card readers
• Shoulder Surfing
• Criminal observes ‘over the shoulder’ or via small video cameras as customer enters card security information • PIN Interception
• Using special data recorder installed inside an ATM
• Card Skimming
• Using a skimming device, information contained in the magnetic stripe of a card can be captured. A single skimming device can capture information for up to 200 ATM cards before re-use. • Transaction Reversal - Criminal simulates an error condition that causes the host processor to reverse transaction as a result of inability to dispense cash. A common method is to hold on to some of the cash and wait for the time-out to elapse.

Attaching False Presenters to ATM
† A criminal may also attach a false presenter to an ATM to receive the cash dispensed when legitimate customers conduct ATM transactions. Customers leave believing that there has been an error and the criminal subsequently empties cash trapped in the false presenter. • Cloning † This is the use of duplicate (counterfeit) cards to withdraw money from a customer's account via the ATM. There are a variety of methods, but a popular one is to install fake equipment such as a fake card reader and monitor over the ATM to capture a cardholder's information and monitor the entire transaction process. Later, information gained is combined with the counterfeit card to withdraw money from the customer's account. • Phishing † This is the use of email, SMS or pop-ups to direct unsuspecting customers to fake websites to obtain card PIN and other vital information about the customer. This method has claimed many victims in Nigeria and South Africa. • Insider Operation

† Staff responsible for ATM management can deliberately or inadvertently cause fraud by misusing their privilege. In a situation involving a bank in Nigeria, a staff mapped their debit card to a customer's account and withdrew cash from the ATM. Once done, they restored the original mapping.

The Three Musketeers
• Email - Mostly used for phishing
• Internet - Phishing site after scam mail
• SMS - Notification of fake winning

Sample Phishing Email
This is to inform...
tracking img