Automated teller machine Totally Explained
Everything about Automated Teller Machine totally explained
An automated teller machine (ATM) is a computerized telecommunications device that provides the customers of a financial institution with access to financial transactions in a public space without the need for a human clerk or bank teller. On most modern ATMs, the customer is identified by inserting a plastic ATM card with a magnetic stripe or a plastic smartcard with a chip that contains a unique card number and some security information, such as an expiration date or CVC (CVV). Security is provided by the customer entering a personal identification number (PIN).
Using an ATM, customers can access their bank accounts in order to make cash withdrawals (or credit card cash advances) and check their account balances.
ATMs are known by various casual terms including automated banking machine, money machine, bank machine, cash machine, hole-in-the-wall, cashpoint or Bancomat (in Europe and Russia).
History
A mechanical cash dispenser was developed and built in Lincoln, Nebraska but removed after six months due to the lack of customer acceptance.
The ATM got smaller, faster and easier to use over the years.
Thereafter, the history of ATMs paused for over 25 years, until De La Rue developed the first electronic ATM, which was installed first in Enfield Town in North London, United Kingdom on 27 June 1967 by Barclays Bank. This instance of the invention is credited to John Shepherd-Barron, although various other engineers were awarded patents for related technologies at the time. Shepherd-Barron was awarded an OBE in the 2005 New Year's Honours List. The first person to use the machine was the British variety artist and actor Reg Varney. The first ATMs accepted only a single-use token or voucher, which was retained by the machine. These worked on various principles including radiation and low-coercivity magnetism that was wiped by the card reader to make fraud more difficult.
Global use
There are no hard international or government-compiled numbers totaling the complete number of ATMs in use worldwide. Estimates developed by ATMIA place the number of ATMs in use at over 1.5 million as of August 2006.
For the purpose of analyzing ATM usage around the world, financial institutions generally divide the world into seven regions, due to the penetration rates, usage statistics, and features deployed. Four regions (USA, Canada, Europe, and Japan) have high numbers of ATMs per million people and generally slowing growth rates. Despite the large number of ATMs, there's additional demand for machines in the Asia/Pacific area as well as in Latin America. ATMs have yet to reach high numbers in the Near East/Africa.
The world's most northerly installed ATM is located at Longyearbyen, Svalbard, Norway.
The world's most southerly installed ATM is located at McMurdo Station, Antarctica.
While ATMs are ubiquitous on modern cruise ships, ATMs can also be found on some US Navy ships.
In the United Kingdom, an ATM may be colloquially referred to as a "Cashpoint", named after the Lloyds Bank ATM brand, or hole-in-the-wall.
Hardware
An ATM is typically made up of the following devices:
- CPU (to control the user interface and transaction devices)
- Magnetic and/or Chip card reader (to identify the customer)
- PIN Pad (similar in layout to a Touch tone or Calculator keypad), often manufactured as part of a secure enclosure.
- Secure cryptoprocessor, generally within a secure enclosure.
- Display (used by the customer for performing the transaction)
- Function key buttons (usually close to the display) or a Touchscreen (used to select the various aspects of the transaction)
- Record Printer (to provide the customer with a record of their transaction)
- Vault (to store the parts of the machinery requiring restricted access)
- Housing (for aesthetics and to attach signage to)
Recently, due to heavier computing demands and the falling price of computer-like architectures, ATMs have moved away from custom hardware architectures using microcontrollers and/or application-specific integrated circuits to adopting a hardware architecture that's very similar to a personal computer. Many ATMs are now able to use operating systems such as Microsoft Windows and Linux. Although it's undoubtedly cheaper to use commercial off-the-shelf hardware, it does make ATMs vulnerable to the same sort of problems exhibited by conventional computers.
Vaults
The vault of an ATM is within the footprint of the device itself and is where items of value are kept. Scrip cash dispensers don't incorporate a vault.
Mechanisms found inside the vault may include:
- Dispensing mechanism (to provide cash or other items of value)
- Deposit mechanism, including a Cheque Processing Module and Batch Note Acceptor (to allow the customer to make deposits)
- Security sensors (Magnetic, Thermal, Seismic)
- Locks (to ensure controlled access to the contents of the vault)
ATM vaults are supplied by manufacturers in several grades. Factors influencing vault grade selection include cost, weight, regulatory requirements, ATM type, operator risk avoidance practices, and internal volume requirements.
Industry standard vault configurations include Underwriters Laboratories UL-291 "Business Hours" and Level 1 Safes, RAL TL-30 derivatives, and CEN EN 1143-1:2005 - CEN III/VdS and CEN IV/LGAI/VdS.
ATM manufacturers recommend that vaults be attached to the floor to prevent theft.
Software
With the migration to commodity PC hardware, standard commercial "off-the-shelf" operating systems and programming environments can be used inside of ATMs. Typical platforms used in ATM development include RMX, OS/2, and Microsoft operating systems (such as MS-DOS, PC-DOS, Windows NT, Windows 2000, Windows XP Professional, or Windows XP Embedded). Java, Linux and Unix may also be used in these environments.
Linux is also finding some reception in the ATM marketplace. An example of this is Banrisul, the largest bank in the south of Brazil, which has replaced the MS-DOS operating systems in its ATMs with Linux. Banco do Brasil is also migrating ATMs to Linux.
Common application layer transaction protocols, such as Diebold 911 or 912, IBM PBM, and NCR NDC or NDC+ provide emulation of older generations of hardware on newer platforms with incremental extensions made over time to address new capabilities. Most major ATM manufacturers provide software packages that implement these protocols. Newer protocols such as IFX have yet to find wide acceptance by transaction processors.
With the move to a more standardized software base, financial institutions have been increasingly interested in the ability to pick and choose the application programs that drive their equipment. WOSA/XFS, now known as CEN XFS (or simply XFS), provides a common API for accessing and manipulating the various devices of an ATM.
J/XFS is a Java implementation of the CEN XFS API.
While the perceived benefit of XFS is similar to Java's "Write once, run anywhere" mantra, different ATM hardware vendors often have different interpretations of the XFS standard. These differences in interpretation mean that ATM applications typically use a middleware to even out the differences between various platforms.
Notable XFS middleware platforms include Triton PRISM, Diebold Agilis, CR2 BankWorld, KAL Kalignite, NCR Corporation Aptra Edge, Phoenix Interactive VISTAatm, and Wincor Nixdorf Protopas.
With the move of ATMs to industry-standard computing environments, concern has risen about the integrity of the ATM's software stack.
Security
Security, as it relates to ATMs, has several dimensions. ATMs also provide a practical demonstration of a number of security systems and concepts operating together and how various security concerns are dealt with.
Physical
Early ATM security focused on making the ATMs invulnerable to physical attack; they were effectively safes with dispenser mechanisms. A number of attacks on ATMs resulted, with thieves attempting to steal entire ATMs by ram-raiding. Since the late 1990s, criminal groups operating in Japan improved ram-raiding by stealing and using a truck loaded with heavy construction machinery to effectively demolish or uproot an entire ATM and any housing to steal its cash.
Another attack method is to seal all openings of the ATM with silicone and fill the vault with a combustible gas or to place an explosive inside, attached, or near the ATM. This gas or explosive is ignited and the vault is opened or distorted by the force of the resulting explosion and the criminals can break in.
Modern ATM physical security, like other modern money-handling security, concentrates on denying the use of the money inside the machine to a thief, by means of techniques such as dye markers and smoke canisters.
Transactional secrecy and integrity
The security of ATM transactions relies mostly on the integrity of the secure cryptoprocessor: the ATM often uses commodity components that are not considered to be "trusted systems".
Encryption of personal information, required by law in many jurisdictions, is used to prevent fraud. Sensitive data in ATM transactions are usually encrypted with DES, but transaction processors now usually require the use of Triple DES. Remote Key Loading techniques may be used to ensure the secrecy of the initialization of the encryption keys in the ATM. Message Authentication Code (MAC) or Partial MAC may also be used to ensure messages have not been tampered with while in transit between the ATM and the financial network.
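The difference between a MAC and a partial MAC matters for what tampering gets caught. The following added example (not from the original article) assumes that a partial MAC is one computed over a chosen subset of message fields, and uses HMAC-SHA256 truncated to 8 bytes as a stand-in for the DES-based MACs used on ATM networks; the field names, key and request are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key. In a real ATM the MAC key is held by the secure
# cryptoprocessor and never appears in application code.
MAC_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

# Hypothetical field names for a withdrawal request.
ALL_FIELDS = ("atm_id", "sequence", "card_number", "amount_minor", "currency")
PARTIAL_FIELDS = ("atm_id", "sequence", "card_number")


def encode_fields(message, fields):
    """Serialise the chosen fields in a fixed order, length-prefixing each
    value so that field boundaries are unambiguous."""
    out = bytearray()
    for name in fields:
        value = str(message[name]).encode("utf-8")
        out += name.encode("ascii") + b"=" + len(value).to_bytes(2, "big") + value
    return bytes(out)


def compute_mac(key, message, fields):
    """HMAC-SHA256 truncated to 8 bytes (stand-in for a DES-based MAC)."""
    digest = hmac.new(key, encode_fields(message, fields), hashlib.sha256).digest()
    return digest[:8]


def verify_mac(key, message, tag, fields):
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(compute_mac(key, message, fields), tag)


def tamper_detected(fields, changed_field, new_value):
    """The sender MACs a constructed request over `fields`, one field is
    altered in transit, and the receiver verifies. True means rejected."""
    request = {
        "atm_id": "ATM-0042",
        "sequence": 1017,
        "card_number": "4111111111111111",  # constructed test number
        "amount_minor": 2000,
        "currency": "USD",
    }
    tag = compute_mac(MAC_KEY, request, fields)
    altered = dict(request, **{changed_field: new_value})
    return not verify_mac(MAC_KEY, altered, tag, fields)


if __name__ == "__main__":
    print("full MAC, amount changed:   ",
          tamper_detected(ALL_FIELDS, "amount_minor", 20000))
    print("partial MAC, amount changed:",
          tamper_detected(PARTIAL_FIELDS, "amount_minor", 20000))
    print("partial MAC, card changed:  ",
          tamper_detected(PARTIAL_FIELDS, "card_number", "4000000000000002"))
```

A partial MAC only protects the fields it covers, so the covered set should include every field that affects the value or destination of the transaction.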
Customer identity integrity
There have also been a number of incidents of fraud where criminals have attached fake keypads or card readers to existing machines. These have then been used to record customers' PINs and bank card information in order to gain unauthorised access to their accounts. Various ATM manufacturers have put in place countermeasures to protect the equipment they manufacture from these threats.
Alternate methods to verify cardholder identities have been tested and deployed in some countries, such as finger and palm vein patterns, iris, and facial recognition technologies. Cost of integrating and implementing these technologies along with concerns about consumer acceptance have limited their deployment so far.
Device operation integrity
Openings on the customer-side of ATMs are often covered by mechanical shutters to prevent tampering with the mechanisms when they're not in use. Alarm sensors are placed inside the ATM and in ATM servicing areas to alert their operators when doors have been opened by unauthorized personnel.
Rules are usually set by the government or ATM operating body that dictate what happens when integrity systems fail. Depending on the jurisdiction, a bank may or may not be liable when an attempt is made to dispense a customer's money from an ATM and the money either gets outside of the ATM's vault, or was exposed in a non-secure fashion, or they're unable to determine the state of the money after a failed transaction. Bank customers often complain that banks have made it difficult to recover money lost in this way, but this is often complicated by the Bank's own internal policies regarding suspicious activities typical of the criminal element.
Customer security
In some areas, multiple security cameras and security guards are a common feature. The NY State Comptroller's Office has criticized the NY State Department of Banking for not following through on safety inspections of ATMs in high crime areas.
Critics of ATM operators assert that the issue of customer security appears to have been abandoned by the banking industry; it has been suggested that efforts are now more concentrated on deterrent legislation than on solving the problem of forced withdrawals.
At least as far back as July 30, 1986, critics of the industry have called for the adoption of an emergency PIN system for ATMs, where the user is able to send a silent alarm in response to a threat. Legislative efforts to require an emergency PIN system have appeared in Illinois, Kansas and Georgia, but none have succeeded as of yet.
Alternative uses
Although ATMs were originally developed as just cash dispensers, they've evolved to include many other bank-related functions. In some countries, especially those which benefit from a fully integrated cross-bank ATM network (for example: Multibanco in Portugal), ATMs include many functions which are not directly related to the management of one's own bank account, such as:
- Deposit currency recognition, acceptance, and recycling
- Paying routine bills, fees, and taxes (utilities, phone bills, social security, legal fees, taxes, etc.)
- Printing bank statements
- Updating passbooks
- Loading monetary value into stored value cards
- Purchasing
- Games and promotional features
- Donating to charities
- Cheque Processing Module
In Argentina, Austria, Australia, Belgium, Brazil, Cook Islands, Croatia, Finland, Germany, Greece, Hungary, Ireland, India, Indonesia, Israel, Italy, Poland, Philippines, Mexico, New Zealand, Nigeria, Norway, Portugal, South Africa, Spain, Sweden, Turkey, Ukraine and the United Kingdom, pre-paid cell phones can be recharged through some ATMs.
Increasingly, banks are seeking to use the ATM as a sales device to deliver pre-approved loans and targeted advertising using products such as ITM (the Intelligent Teller Machine) from CR2 or Aptra Relate from NCR.
In Canada, ATMs are called guichets automatiques in French and sometimes "Bank Machines" in English. The Interac shared cash network doesn't allow for the selling of goods from ATMs due to specific security requirements for PIN entry when buying goods.
ATMs can also act as an advertising channel for companies to advertise their own products or third-party products and services.
Manufacturers have demonstrated and deployed several different technologies on ATMs that have not yet reached worldwide acceptance, such as:
- Biometrics, where authorization of transactions is based on the scanning of a customer's fingerprint, iris, face, etc. Biometrics on ATMs can be found in Asia.
- Cheque/Cash Acceptance, where the ATM accepts and recognises cheques and/or currency without using envelopes. Expected to grow in importance in the US through Check 21 legislation.
- Bar code scanning
- On-demand printing of "items of value" (such as movie tickets, Travellers Cheques, etc.)
- Dispensing additional media (such as phone cards)
- Co-ordination of ATMs with mobile phones
- Customer-specific advertising
- Integration with non-banking equipment
Reliability
Before an ATM is placed in a public place, it typically has undergone extensive testing with both test money and the backend computer systems that allow it to perform transactions. Banking customers also have come to expect high reliability in their ATMs, which provides incentives to ATM providers to minimize machine and network failures. Financial consequences of incorrect machine operation also provide high degrees of incentive to minimize malfunctions.
ATMs and the supporting electronic financial networks are generally very reliable, with industry benchmarks typically producing 98.25% customer availability for ATMs and up to 99.999% availability for host systems. If ATMs do go out of service, customers could be left without the ability to make transactions until their bank next opens.
Of course, not all errors are to the detriment of customers; there have been cases of machines giving out money without debiting the account, or giving out higher value notes as a result of incorrect denomination of banknote being loaded in the money cassettes. Errors that can occur may be mechanical (such as card transport mechanisms; keypads; hard disk failures); software (such as operating system; device driver; application); communications; or purely down to operator error.
To aid in reliability, some ATMs print each transaction to a roll paper journal that's stored inside the ATM, which allows both the users of the ATMs and the related financial institutions to settle things based on the records in the journal in case there's a dispute. In some cases, transactions are posted to an electronic journal to remove the cost of supplying journal paper to the ATM and for more convenient searching of data.
Improper money checking can cause the possibility of a customer receiving counterfeit banknotes from an ATM. While Bank personnel are generally trained better at spotting and removing counterfeit cash, the resulting ATM money supplies used by banks provide no absolute guarantee for proper banknotes, as the Federal Criminal Police Office of Germany has confirmed that there are regularly incidents of false banknotes having been provided through bank ATMs. Some ATMs may be stocked and wholly owned by outside companies, which can further complicate this problem when it happens.
Bill validation technology can be used by ATM providers to help ensure the authenticity of the cash before it's stocked in an ATM; ATMs that have cash recycling capabilities include this capability.
Fraud
As with any device containing objects of value, ATMs and the systems they depend on to function are the targets of fraud. Fraud against ATMs and people's attempts to use them takes several forms.
The first known fake ATM was installed at a shopping mall in Manchester, Connecticut in 1993. By modifying the inner workings of a Fujitsu model 7020 ATM, a criminal gang known as The Bucklands Boys were able to steal information from cards inserted into the machine by customers.
In some cases, bank fraud could occur at ATMs whereby the bank accidentally stocks the ATM with bills in the wrong denomination, therefore giving the customer more money than should be dispensed. The result of receiving too much money may be influenced by the Card Holder Agreement in place between the customer and the Bank.
In a variation of this, WAVY-TV reported an incident in Virginia Beach in September 2006 where a hacker who had probably obtained a factory-default admin password for a gas station's white label ATM caused the unit to assume it was loaded with $5 USD bills instead of $20s, enabling himself, and many subsequent customers, to walk away with four times the money they said they wanted to withdraw.
ATM behavior can change during what is called "stand-in" time, where the Bank's cash dispensing network is unable to access databases that contain account information (possibly for database maintenance). In order to give customers access to cash, customers may be allowed to withdraw cash up to a certain amount that may be less than their usual daily withdrawal limit, but may still exceed the amount of available money in their account, which could result in fraud.
Card fraud
In an attempt to prevent criminals from shoulder surfing the customer's PINs, some banks draw privacy areas on the floor.
For a low-tech form of fraud, the easiest is to simply steal a customer's card. A later variant of this approach is to trap the card inside of the ATM's card reader with a device often referred to as a Lebanese loop. When the customer gets frustrated by not getting the card back and walks away from the machine, the criminal is able to remove the card and withdraw cash from the customer's account.
Another simple form of fraud involves attempting to get the customer's bank to issue a new card and stealing it from their mail.
The concept and various methods of copying the contents of an ATM card's magnetic stripe on to a duplicate card to access other people's financial information was well known in the hacking communities by late 1990.
In 1996 Andrew Stone, a computer security consultant from Hampshire in the UK was convicted of stealing in excess of £1 million Sterling (at the time equivalent to US$1.6 million) by pointing high definition video cameras at ATMs from a considerable distance, and by recording the card numbers, expiry dates, etc. from the embossed detail on the ATM cards along with video footage of the PINs being entered. After getting all the information from the videotapes, he was able to produce clone cards which not only allowed him to withdraw the full daily limit for each account, but also allowed him to sidestep withdrawal limits by using multiple copied cards. In court, it was shown that he could withdraw as much as £10,000 per hour by using this method. Stone was sentenced to five years and six months in prison.
By contrast, a newer high-tech modus operandi involves the installation of a magnetic card reader over the real ATM's card slot and the use of a wireless surveillance camera or a modified digital camera to observe the user's PIN. Card data is then cloned onto a second card and the criminal attempts a standard cash withdrawal. The availability of low-cost commodity wireless cameras and card readers has made it a relatively simple form of fraud, with comparatively low risk to the fraudsters.
In an attempt to stop these practices, countermeasures against card cloning have been developed by the banking industry, in particular by the use of smart cards which can't easily be copied or spoofed by un-authenticated devices, and by attempting to make the outside of their ATMs tamper evident. Older chip-card security systems include the French Carte Bleue, Visa Cash, Mondex, Blue from American Express and EMV '96 or EMV 3.11. The most actively developed form of smart card security in the industry today is known as EMV 2000 or EMV 4.x.
EMV is widely used in the UK (Chip and PIN) and parts of Europe, but when it isn't available in a specific area, ATMs must fall back to using the easy-to-copy magnetic stripe to perform transactions. This fallback behaviour can be exploited. However, the fallback option has been removed by several UK banks, meaning that if the chip isn't read, the transaction will be declined.
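The fallback decision described above can be made from the card data itself, because the first digit of the three-digit service code on the magnetic stripe (2 or 6) marks a card that also carries a chip. The following is an added example, not code from the original article; the entry-mode labels, decision strings and sample track data are constructed for illustration.

```python
import re

# Track 2 layout: optional ';' start sentinel, card number, '=', YYMM expiry,
# 3-digit service code, discretionary data, optional '?' end sentinel.
TRACK2_RE = re.compile(
    r"^;?(?P<pan>\d{12,19})=(?P<expiry>\d{4})(?P<service>\d{3})(?P<disc>\d*)\??$"
)

# Constructed sample data (test card number, made-up discretionary digits).
CHIP_CARD_TRACK2 = ";4111111111111111=30122010000000000?"    # service code 201
STRIPE_CARD_TRACK2 = ";4111111111111111=30121010000000000?"  # service code 101


def card_has_chip(track2):
    """A service code starting with 2 or 6 marks a card that carries a chip."""
    match = TRACK2_RE.match(track2)
    if match is None:
        raise ValueError("unparseable track 2 data")
    return match.group("service")[0] in "26"


def authorise_entry(track2, entry_mode, terminal_reads_chip, allow_fallback):
    """Return (decision, reason) for the way the card data was read.

    entry_mode is "chip" or "magstripe" (hypothetical labels).
    allow_fallback=False models the banks that removed the fallback option.
    """
    try:
        chip_card = card_has_chip(track2)
    except ValueError:
        return ("DECLINE", "bad_track_data")
    if entry_mode == "chip":
        return ("CONTINUE", "chip_read")
    if entry_mode != "magstripe":
        return ("DECLINE", "unknown_entry_mode")
    if not chip_card:
        return ("CONTINUE", "magstripe_only_card")
    # A chip card read by its stripe: this is the fallback case.
    if not allow_fallback:
        return ("DECLINE", "fallback_disabled")
    if terminal_reads_chip:
        # The terminal could have read the chip but did not: flag for review.
        return ("CONTINUE_FLAGGED", "fallback_chip_unreadable")
    return ("CONTINUE_FLAGGED", "fallback_no_chip_reader")


if __name__ == "__main__":
    for allow in (True, False):
        print(allow, authorise_entry(CHIP_CARD_TRACK2, "magstripe", True, allow))
    print(authorise_entry(STRIPE_CARD_TRACK2, "magstripe", True, False))
```

Flagged fallback transactions are the ones worth counting per terminal and per card, since a cloned stripe from a chip card can only be used through this path.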
Related devices
A Talking ATM is a type of ATM that provides audible instructions so that persons who can't read an ATM screen can independently use the machine. All audible information is delivered privately through a standard headphone jack on the face of the machine. Alternatively, some banks such as Nordea and Swedbank use a built-in external speaker which may be invoked by pressing the talk button on the keypad. Information is delivered to the customer either through pre-recorded sound files or via text-to-speech speech synthesis.
A postal interactive kiosk may also share many of the same components as an ATM (including a vault), but only dispenses items relating to postage.
A scrip cash dispenser may share many of the same components as an ATM, but lacks the ability to dispense physical cash and consequently requires no vault. Instead, the customer requests a withdrawal transaction from the machine, which prints a receipt. The customer then takes this receipt to a nearby sales clerk, who then exchanges it for cash from the till.
A Teller Assist Unit may also share many of the same components as an ATM (including a vault), but they're distinct in that they're designed to be operated solely by trained personnel and not the general public, they don't integrate directly into interbank networks, and are usually controlled by a computer that isn't directly integrated into the overall construction of the unit.