Definition

A n a u t o m a t e d t e l l e r m a c h i n e o r a u t o m a t i c t e l l e r m a c h i n e ( ATM )
is a computerized telecommunications device that provides a financial
institution's customers a method of financial transactions in a public
space without the need for a human clerk or bank teller. On most modern
ATM s , t h e c u s t o m e r i d e n t i f i e s h i m o r h e r s e l f b y i n s e r t i n g a p l a s t i c ATM
card with a magnetic stripe or a plastic smartcard with a chip, that
contains his or her card number and some security information, such as
an expiration date or CVC (CVV). Security is provided by the customer
entering a personal identification number (PIN).

Working of ATM machines

A u t o m a t i c Tel l e r M a c h i n e m a c h i n e a r e b a n k i n g t e r m i n a l t h a t a c c e p t s
d e p o s i t s a n d d i s p e n s e s c a s h . ATM s a r e a c t i v a t e d b y i n s e r t i n g a c a s h o r
credit card that contains the users account number and PIN on a
m a g n e t i c s t r i p e . T h e ATM c a l l s u p t h e b a n k s c o m p u t e r s t o v e r i f y t h e
balance, dispenses the cash and then transmits a completed transaction
n o t i c e . T h e w o r d m a c h i n e i n t h e t e r m ATM M a c h i n e i s c e r t a i n l y
redundant, but widely used.

Locations
ATM s a r e p l a c e d n o t o n l y n e a r o r i n s i d e t h e p r e m i s e s o f b a n k s , b u t
also in locations such as shopping centers/malls, airports, grocery
stores, gas stations, restaurants, or any place large numbers of people
m a y g a t h e r. T h e s e r e p r e s e n t t w o t y p e s o f ATM i n s t a l l a t i o n s : o n a n d o f f
p r e m i s e . O n p r e m i s e ATM s a r e t y p i c a l l y m o r e a d v a n c e d , m u l t i - f u n c t i o n
machines that complement an actual bank branch's capabilities and
thus more expensive. Off premise machines are deployed by financial
institutions and also ISOs (or Independent Sales Organizations) where
there is usually just a straight need for cash, so they typically are the
cheaper

mono-function

devices.

In

Canada,

when

a n ATM

is

not

o p e r a t e d b y a f i n a n c i a l i n s t i t u t i o n i t i s k n o w n a s a " W h i t e L a b e l ATM " .

Financial networks
M o s t ATM s a r e c o n n e c t e d t o i n t e r b a n k n e t w o r k s , e n a b l i n g p e o p l e t o
withdraw and deposit money from machines not belonging to the bank
where they have their account or in the country where their accounts
are

held.

This

is

convenience,

especially

for

people

who

are

travelling: it is possible to make withdrawals in places where one's

bank has no branches, and even to withdraw local currency in a foreign
c o u n t r y. S o m e e x a m p l e s o f i n t e r b a n k n e t w o r k s i n c l u d e P L U S , C i r r u s ,
Interac and LINK.
ATM s r e l y o n a u t h o r i z a t i o n o f a f i n a n c i a l t r a n s a c t i o n b y t h e c a r d i s s u e r
or other authorizing institution via the communications network. This is
often performed through an ISO 8583 messaging system.

M a n y b a n k s c h a r g e ATM u s a g e f e e s . I n s o m e c a s e s , t h e s e f e e s a r e
assessed solely for non-members of the bank; in other cases, they
a p p l y t o a l l u s e r s . M a n y p e o p l e o p p o s e t h e s e f e e s b e c a u s e ATM s a r e
actually less costly for banks than withdrawals from human tellers.
In order to allow a more diverse range of devices to attach to their
networks, some interbank networks have passed rules expanding the
d e f i n i t i o n o f a n ATM t o b e a t e r m i n a l t h a t e i t h e r h a s t h e v a u l t w i t h i n i t s
footprint or utilizes the vault or cash drawer within the merchant
establishment, which allows for the use of a scrip cash dispenser .
ATM s t y p i c a l l y c o n n e c t d i r e c t l y t o t h e i r ATM Tra n s a c t i o n P r o c e s s o r v i a
either a dial-up modem over a telephone line or directly via a leased
line. Leased lines are preferable to POTS lines because they require
less time to establish a connection. Leased lines may be comparatively
expensive to operate versus a POTS line, meaning less-trafficked
machines will usually rely on a dial-up modem. That dilemma may be
solved

as

high-speed

Internet

VPN

connections

become

more

ubiquitous. Common lower-level layer communication protocols used by

ATM s t o c o m m u n i c a t e b a c k t o t h e B a n k i n c l u d e S N A o v e r S D L C , T C 5 0 0
over Async, X.25, and TCP/IP over Ethernet.
I n a d d i t i o n t o m e t h o d s e m p l o y e d f o r t r a n s a c t i o n s e c u r i t y a n d s e c r e c y,
all

communications

traffic

between

the

ATM

and

the

Tra n s a c t i o n

Processor could also be encrypted via methods such as SSL.

Benefits
U s i n g a n ATM , c u s t o m e r s c a n a c c e s s t h e i r b a n k a c c o u n t s i n o r d e r t o
make cash withdrawals (or credit card cash advances) and check their
a c c o u n t b a l a n c e s . M a n y ATM s a l s o a l l o w p e o p l e t o d e p o s i t c a s h o r
checks,

transfer

money

between

their

bank

accounts,

pay

bills,

or

purchase goods and services.

Software
With the migration to commodity PC hardware, standard commercial
o f f - t h e - s h e l f o p e r a t i n g s ys t e m s a n d p r o g r a m m i n g e n v i r o n m e n t s c a n b e
u s e d i n s i d e o f ATM s . Typ i c a l p l a t f o r m s u s e d i n ATM d e v e l o p m e n t i n c l u d e
RMX, OS/2, and Microsoft operating systems (such as Windows 98,
W i n d o w s N T, W i n d o w s 2 0 0 0 ) . M i c r o s y s t e m s J a v a m a y a l s o b e u s e d i n
these environments.
L i n u x i s a l s o f i n d i n g s o m e r e c e p t i o n i n t h e ATM m a r k e t p l a c e . An
example of this is Banrisul, the largest bank in the south of Brail, which
h a s r e p l a c e d t h e M S - D O S o p e r a t i n g s ys t e m s i n i t s ATM s w i t h L i n u x .

Hardware
A n ATM t y p i c a l l y i s m a d e u p o f t h e f o l l o w i n g d e v i c e s :
CPU (to control the user interface and transaction devices)
Magnetic and/or Chip card reader (to identify the customer)
P I N P a d ( s i m i l a r i n l a y o u t t o a Tou c h t o n e o r C a l c u l a t o r k e y p a d ) ,
often manufactured as part of a secure enclosure.
Secure crypto processor , generally within a secure enclosure.
Display (used by the customer for performing the transaction)
F u n c t i o n k e y b u t t o n s ( u s u a l l y c l o s e t o t h e d i s p l a y ) o r a Tou c h
screen (used to select the various aspects of the transaction)
Record Printer (to provide the customer with a record of their
transaction)
Vau l t ( t o s t o r e t h e p a r t s o f t h e m a c h i n e r y r e q u i r i n g r e s t r i c t e d
access)
Housing (for aesthetics and to attach signage to)

R e c e n t l y, d u e t o h e a v i e r c o m p u t i n g d e m a n d s a n d t h e f a l l i n g p r i c e o f
computer-like
hardware

a r c h i t e c t u r e s , ATM s

architectures

using

have

moved

microcontrollers

away
and/or

from

custom

application-

specific integrated circuits to adopting a hardware architecture that is

v e r y s i m i l a r t o a p e r s o n a l c o m p u t e r . M a n y ATM s a r e n o w a b l e t o u s e
o p e r a t i n g s y s t e m s s u c h a s M i c r o s o f t W i n d o w s a n d L i n u x . Al t h o u g h i t i s
undoubtedly cheaper to use commercial off-the-shelf hardware, it does
m a k e ATM s v u l n e r a b l e t o t h e s a m e s o r t o f p r o b l e m s e x h i b i t e d b y
conventional computers.

Security
A n ATM w i t h c a r d r e a d e r a n d P I N k e y p a d :
S e c u r i t y, a s i t r e l a t e s t o ATM s , h a s s e v e r a l d i m e n s i o n s . ATM s a l s o
p r o v i d e a p r a c t i c a l d e m o n s t r a t i o n o f a n u m b e r o f s e c u r i t y s ys t e m s a n d
concepts operating together and how various security concerns are dealt
with .

PHYSICAL
E a r l y ATM s e c u r i t y f o c u s e d o n m a k i n g t h e ATM s i n v u l n e r a b l e t o
physical attack; they aware effectively safes with dispenser mechanisms.
A n u m b e r o f a t t a c k s o n ATM s r e s u l t e d , w i t h t h i e v e s a t t e m p t i n g t o s t e a l
e n t r e ATM s b y r a m - r a i d i n g . S i n c e l a t e 1 9 9 0 s , c r i m i n a l g r o u p s o p e r a t i n g i n
Japan improved ram-raiding by stealing and using a truck loaded with a
heavy construction machinery to effectively demolish or uproot an entire
ATM a n d a n y h o u s i n g t o s t e a l i t s c a s h .
A n o t h e r a t t a c k m e t h o d i s t o s e a l a l l o p e n i n g s o f t h e ATM w i t h
silicone and fill the vault with a combustible gas or to place an explosive
i n s i d e , a t t a c h e d , o r n e a r t h e ATM . T h i s g a s o r e x p l o s i v e i s i g n i t e d a n d
the vault is opened or distorted by the force of the resulting explosion
and the criminals can break in.
M o d e r n ATM p h ys i c a l s e c u r i t y, p e r o t h e r m o d e r n m o n e y- h a n d l i n g
s e c u r i t y, c o n c e n t r a t e s o n d e n y i n g t h e u s e o f t h e m o n e y i n s i d e t h e

m a c h i n e t o a t h e i f , b y m e a n s o f t e c h n i q u e s s u c h a s d ye m a r k e r s a n d
smoke canisters.

TRANSACTIONAL SECRECY AND INTEGRITY

T h e s e c u r i t y o f ATM t r a n s a c t i o n s r e l i e s m o s t l y o n t h e i n t e g r i t y o f t h e
s e c u r e c r yp t o p r o c e s s o r : t h e ATM o f t e n u s e s c o m m o d i t y c o m p o n e n t s t h a t
are not considered to be trusted systems.
E n c r yp t i o n o f p e r s o n a l i n f o r m a t i o n , r e q u i r e d b y l a w i n m a n y j u r i s d i c t i o n s ,
i s u s e d t o p r e v e n t f r a u d . S e n s i t i v e d a t a i n ATM t r a n s a c t i o n s a r e u s u a l l y
encrypted with DES, but transaction processors now usually require the
use of TRIPLE DES.

CUSTOMER IDENTITY INTEGRITY

There have also been a number of incidents of fraud where criminals
have attached fake keypads or card readers to existing machines. These
have

then

been

used

to

record

customers

PINs

and

bank

card

information in order to gain unauthorized access to their accounts.

Var i o u s ATM m a n u f a c t u r e r s h a v e p u t i n t h e p l a c e c o u n t e r m e a s u r e s t o
pretect the equipment they manufacture from these threats.

Alternate methods to verify cardholder identities have been tested and

deployed in some countries, such as finger and palm vein patterns, iris
and

facial

recognition

technologies.

Costs

of

integrating

and

implementing these technologies along with concerns about consumer

a c c e p t a n c e h a v e l i m i t e d t h e i r d e p l o ym e n t s o f a r.

DEVICE OPERATION INTEGRITY

O p e n i n g s o n t h e c u s t o m e r - s i d e o f ATM s a r e o f t e n c o v e r e d b y m e c h a n i c a l
shutters to prevent tampering with the mechanisms when they are not in
u s e . Al a r m s s e n s o r s a r e p l a c e d i n s i d e t h e ATM a n d i n ATM s e r v i c i n g
areas

to

alert

their

operators

when

doors

have

been

opened

by

unauthorized personnel.
R u l e s a r e u s u a l l y s e t b y t h e g o v e r n m e n t o r ATM o p e r a t i n g b o d y t h a t
d i c t a t e w h a t h a p p e n s w h e n i n t e g r i t y s ys t e m s f a i l . D e p e n d i n g o n t h e
jurisdiction, a bank may or may not be liable when an attempt is made to
d i s p e n s e a c u s t o m e r s m o n e y f r o m a n ATM a n d t h e m o n e y e i t h e r g e t s
o u t s i d e o f t h e ATM s v a u l t , o r w a s e x p o s e d i n a n o n - s e c u r e f a s h i o n , o r
they are unable to determine the state of the money after a failed
transaction.
Bank customers often complain that banks have made it difficult to
r e c o v e r m o n e y l o s t i n t h i s w a y, b u t t h i s i s o f t e n c o m p l i c a t e d b y t h e
Banks own internal policies regarding suspicious activities typical of the
criminal element.

CUSTOMER SECURITY WHILE USING ATMs

In some areas, multiple security cameras and security guards are a
u b i q u i t o u s ATM f e a t u r e .
C r i t i c s o f ATM o p e r a t o r s a s s e r t t h a t t h e i s s u e o f c u s t o m e r s e c u r i t y
appears to have been abandoned by the banking industry it has been
suggested that efforts are nwo more concentrated on deterring legislation
than on solving the problem of forced withdrawals.
At least as far back as July 30, 1986, critics of the industry have called
f o r t h e a d o p t i o n o f a n e m e r g e n c y P I N s ys t e m f o r ATM s , w h e r e t h e u s e r i s
able to send a silent alarm in response to a threat. Legislative efforts to
require an emergency PIN system have appeared in Kansas and Georgia,
b u t n o n h a v e s u c c e e d e d a s o f ye t .

ALTERNATIVES
A l t h o u g h ATM s w e r e o r i g i n a l l y d e v e l o p e d a s j u s t c a s h d i s p e n s e r s , t h e y
have evolved to include many other bank-related functions. In some
countries, especially those which benefit from a fully integrated crossb a n k ATM n e t w o r k ( e . g . : M u l t i b a n c o i n P o r t u g a l ) , ATM s i n c l u d e m a n y
functions which are not directly related to the management of one's
own bank account, such as:
Deposit currency recognition, acceptance, and recycling
Paying routine bills, fees, and taxes (utilities, phone bills, social
s e c u r i t y, l e g a l f e e s , t a x e s , e t c . )
Printing bank statements
Updating passbooks

 Loading monetary value into pre-paid cards (cell phones, tolls,

multi purpose stored value cards, etc.)

Tic k e t p u r c h a s e s ( t r a i n , c o n c e r t , e t c . ) .
Purchasing postal stamps.
Lottery ticket purchases
Games and promotional features
Donations to charities
Purchase shopping mall gift certificates.
Cheque Processing Module

RELIABILITY
B e f o r e a n ATM i s p l a c e d i n a p u b l i c p l a c e , i t t y p i c a l l y h a s u n d e r g o n e
extensive

testing

with

both

test

money

and

the

backend

computer

s ys t e m s t h a t a l l o w i t t o p e r f o r m t r a n s a c t i o n s . B a n k i n g c u s t o m e r s a l s o
h a v e c o m e t o e x p e c t h i g h r e l i a b i l i t y i n t h e i r ATM s , w h i c h

provides

i n c e n t i v e s t o ATM p r o v i d e r s t o m i n i m i z e m a c h i n e a n d n e t w o r k f a i l u r e s .
Financial consequences of incorrect machine operation also provide high
degrees of incentive to minimize malfunctions.

ATM s a n d t h e s u p p o r t i n g e l e c t r o n i c f i n a n c i a l n e t w o r k s a r e g e n e r a l l y v e r y
r e l i a b l e , w i t h i n d u s t r y b e n c h m a r k s t yp i c a l l y p r o d u c i n g 9 8 . 2 5 % c u s t o m e r
a v a i l a b i l i t y f o r ATM s a n d u p t o 9 9 . 9 9 % a v a i l a b i l i t y f o r h o s t s ys t e m s . I f
ATM s d o g o o u t o f s e r v i c e , c u s t o m e r s c o u l d b e l e f t w i t h o u t t h e a b i l i t y t o
make transactions until the beginning of their banks next time of opening
hours.
Of course, not all errors to the detriment of customers; there have been
cases of machines giving out money without debiting the account, or
giving out higher value notes as a result of incorrect denomination of
banknote being loaded in the money cassettes. Errors that can occur may

be mechanical ( such as card transport mechanisms; keypads; hard disk

failures);

software

such

as

operating

system;

device

a p p l i c a t i o n ) ; c o m m u n i c a t i o n s ; o r p u r e l y d o w n t o o p e r a t o r e r r o r.

driver;