ATM Card Transaction Process

and Security Mechanism

By Muhammad Kamran Khan

1
Index
 History
 How Do ATMs Work
 Parts of the Machine
 Transaction Process
 ATM Security
 Attacks on ATM

2
History
 Luther Simjian came up with the idea of creating
a "hole-in-the-wall machine" that would allow
customers to make financial transactions.
 In 1939, Luther Simjian patented an early and

not-so-successful prototype of an ATM.

 However, some experts have the opinion that

James Good fellow of Scotland holds the earliest

patent date of 1966 for a modern ATM.
 In 1967, John Shepherd-Barron invented and

installed an ATM in a Barclays Bank in London.

3
How Do ATMs Work
 An ATM is simply a data terminal with two
input and four output devices.
 The ATM has to connect to, and communicate

through, a host processor.

 The host processor is analogous to an (ISP) in

that it is the gateway through which all the

various ATM networks become available to
the cardholder (the person wanting the cash).
 Most host processors can support either

leased-line or dial-up machines.

4
Parts of the Machine

5
Continue:
 The ATM itself is a dumb terminal
 No banking or account information is stored
inside the ATM system.
 In order to access such information ATM must be
able to connect to a banking network.
 Leased-line machines connect directly to the host
processor through a point-to-point, dedicated
telephone line.
 Dial-up ATMs connect to the host processor
through a normal phone line using a modem and
a toll-free number, or through an Internet service
provider using a local access number dialed by
modem.
6
Continue:
 Atomicity : A transaction’s changes to the
state are atomic: either all happen or none
happen. These changes include database
changes, messages, and actions on
transducers.
 Durability : Once a transaction completes

successfully (commits), its changes to the

state survive failures.

7
Transaction Process

8
9
10
ATM Security
 ATMs keep your personal identification number
(PIN) and other information safe by using
encryption software such as Triple DES (Data
Encryption Standard).
 An ATM card is secured as long as the PIN

number is kept as a secret.

 There is no way to get the PIN number from

your card as it is encrypted by strong software’s

like Triple Data Encryption Standard. To keep
your PIN number secure, there are a number of
ways.

11
Attacks on ATM
 Physical Attack
◦ ATM Skimming
 Logical Attacks
◦ Replay Attack
◦ Attack on Confidentiality
◦ Attack on Integrity

12
ATM Skimming
 A device that copies the information on the
back of your ATM card, and a small hidden
video camera, used to capture the PIN
number you enter.
 The installation of this device typically takes

only a few minutes.

 The device looks so much like the real thing,

even bank officials would have a hard time

noticing it.

13
ATM Skimmer Device

14
Solution to ATM Skimmning
 There are no solution to skimming but there
are some preventions you can do.
 Always use an ATM machine which in a

crowded place.
 You can use a machine which is connected to

bank reduces the chance of skimming.

 Never use a machine whose card reader’s

color miss match the ATM machine’s color.

15
Logical Attacks
 Replay Attack
◦ Here the intruder just copies the message sent from
the ATM and tries to send the same message after
some time.
These are very common type of attack on an ATM
transaction.
These types of attacks are prevented using the Time
Stamping method.

16
Attack on Confidentiality
 In these attacks the intruder tries to locate
the ATM card’s number and PIN code which
the cardholder has entered.
 These types of attacks are prevented using

the encryption method of Triple DES.

17
Attack on Integrity
 In this attack it is tried to make changes in
transaction e.g. amount has been changed.
 These things are prevented using hashing.
 In this the digest of the transaction has been

sent and after receiving the digest has been

compared.

18
References:
 www.howstuffworks.com
 www.scribd.com

19