Editor’s note: Automated teller machines, better known as ATMs, are turning 50 on June 27. Computer science professor Pradeep Atrey, from the University at Albany, State University of New York, explains the security features and concerns of modern cash machines.
How does an ATM work?
In the broadest sense, an ATM works by accepting a cash request from a user, verifying the user’s authority to access a particular bank account, ensuring that account has enough money to fulfill the request and dispensing the money – all without the assistance of a bank clerk or teller.
From the very beginning, all the way back to the first ATM placed in use in London in 1967, the user’s identity was the main problem banks needed to solve. Rather than today’s plastic card with a magnetic strip and embedded microchip, the first machine accepted a slip of paper with a mildly radioactive substance — carbon-14 — printed on it in a particular pattern. The machine matched the pattern to a number code entered by the user. If it matched, and if the funds were available, the machine dispensed up to £10 (an amount worth just over U.S. $200 today).
People are also reading…
When using modern ATMs, a customer inserts a plastic card into the machine’s reader, which registers either the data encoded on the card’s magnetic strip or its embedded chip. It prompts the customer for a personal identification number, usually called a PIN.
If the card and PIN match, then the customer can deposit money, check an account balance or, most commonly, request a cash withdrawal. When the customer specifies an amount of money, the machine uses an internet connection or a phone line to connect to the customer’s bank, verifying the funds are available and dispensing the cash.
What security issues do ATMs have?
Because ATMs contain large amounts of cash, they are attractive targets for criminals. The most brazen thefts have involved physically stealing the ATM as a whole, though muggers have also accosted ATM users, who, unsurprisingly, are likely to be carrying cash.
As a result, most ATMs today have built-in cameras, to record evidence in case of a mugging or other crime, or to monitor people who might be tampering with the machine.
A more sophisticated theft involves covertly monitoring the device and its users. Thieves can install small cameras in different places on an ATM, sometimes hidden by plastic panels that look like normal parts of the machine. With those, they can capture the PIN, card number, its expiration date, the name on the card, and even the three-digit card verification value (CVV) number on the back. That’s more than enough information to use the card to make unauthorized online purchases look legitimate. Fraudsters may also sell the data in online black markets.
By installing fake card slots, or even extra attachments called “skimmers” on top of the existing card slot, attackers can read the information on cards’ magnetic strips. That can help them make fake duplicate cards to use in other ATMs.
What security measures
are or can be deployed?
ATM-related fraud and theft can’t be completely prevented. Banks are working to develop additional security measures, such as the three-digit CVV on the back of cards. Individuals can also take preventive measures to protect themselves when using ATMs:
- If your bank issues them, use a chip-enabled card. They provide improved security by verifying the physical card is genuine, and not a fake duplicate.
- It is often safer to use an indoor ATM, rather than one directly on the street, which can be accessed more easily by criminals either before or after your transaction.
- Check the ATM to see if it looks like it has been physically altered or damaged, if anything is attached to the built-in card reader or if there are any small cameras around the keypad. Avoid using it if anything looks suspicious.
- Be careful of your surroundings and the people in the area. A person behind you may be trying to catch a glimpse of the PIN you enter on the keypad.
- Cover the key pad when entering your PIN so no observer or spy camera can see it.
- If you enter the correct PIN but the transaction fails, immediately contact the bank that issued the card to warn them that there might be a problem with the machine or your account.
How can new technology make ATMs more secure?
As the ever-escalating arms race between ATM security professionals and criminals continues, customers will find themselves urged to use increasingly advanced security methods to identify themselves at ATMs. One method is two-factor authentication, which adds an additional layer of security a user must pass before being allowed access to an account.
Often used when logging in to online services like social media and email systems, two-factor authentication has most commonly involved entering not only the PIN but also a numeric code received by text message on the user’s phone and valid for only a short period of time.
This method, no longer considered secure because it is so easy to falsely simulate cellphone numbers, is being phased out in favor of smartphone apps that generate new codes every few seconds — or even physical keys. Without this one-time code, an attacker can’t access the account.
Future methods of user authentication at ATMs are likely to involve biometrics, like fingerprints, which could augment, or even replace, the cards and PINs that have gotten banks and users through the past 50 years of automated banking.
This article was originally published on The Conversation. Read the original article at http://theconversation.com/how-secure-are-todays-atms-5-questions-answered-79618