ATMs uses processors with encryption, usually installed inside a computer embedded in a secure enclosure. The software is running in a current operating system. The safety of the device relies heavily on the secure processor.
ATMs are connected to interbank network via a modem connected to a telephone by dial-up, or leased line. The latest type of connection is preferable, since the connection time is shorter. However, it is more expensive, ATMs will be used rather connected in the first way (Dial). The cost of an external link is often less expensive than a dedicated line, using a shared line tends to disappear. In Canada and the United States, it is required that communications are encrypted, this in order to prevent theft of personal or financial data.
In addition, ATM installations contain fewer integrated circuits (mostly around the Intel 8086 processor) and are increasingly appeal to a PC that comes with a current operating system, like Windows or Linux. For example, Banrisul, the largest bank in the south of Brazil, replaced MS-DOS by Linux, it is to date the first ATM network using the open source model. Other devices use the RMX 86, OS/2 and Windows 98 operating systems, each operating with Java.
ATMs are generally reliable, but when they have any fault, the customer must wait for the opening of a branch office to repair. Although most of the time errors are to the detriment of customers, sometimes there are cases where they are in his favor. ATMs give money without debiting the account, give some notes with higher value than what is displayed, etc.
Causes of errors include:
- mechanics: card reader faulty, broken keyboard and corrupted hard drive
- software: operating system issues and exceededdevice drivers
- communication: network down intermittently
- human: poor seizure
Several ATM transactions are printed on paper, which is from a roll of paper situated inside the apparatus. Printing is done in duplicate, allowing banks to make their point of view if a customer disputes a financial transaction. In some cases, transactions are recorded electronically in order to reduce paper consumption.
In order to reduce transaction costs, stores maintain the installed ATMs in place, veing able alternatively to fill cassettes tickets.
The first ATMs were designed to protect against some physical attacks; for example, if thieves were racing a vehicle on the devices in order to break them. With experience, ATM manufacturers have preferred to turn to techniques that mark the tickets, making them also unusable. There are also ATM containing a bottle of mace. This has allowed to install ATMs in places that are not known for their security, such as shops.
The safety of these devices can be based on that found in the stores. In this case, the device contains no tickets. When the transaction completes, it prints a coupon that the customer gives the cashier of the store. It is the latter which gives the withdrawn amount.
The transactions are usually encrypted.
There are also so-called “phantom withdrawals”. Several banks claim that withdrawals were made by dishonest clients who refuse to acknowledge their gesture. Others say it is rather dishonest employees who abuse deficiencies of ATMs.
The security of ATMs is based on cryptography. Ross Anderson, an expert in cryptography, analyzed the ATM systems. According to him, many banks are not doing enough to secure the ATM.
There are documented cases of fraudsters who built fake ATM in order to extract different information of customers. There have also attached fake keypads or fake card readers to real ATM or who developed the technique of Marseille collar.
A bank is still responsible if a customer is stealing money from an ATM. However, in practice, it is rather difficult for the client to receive compensation.
In some cases, fraud occurs when the bank does not insert the correct tickets, prompting customers to take advantage of the situation. It seems that customers who use the ATM once are not prosecuted. However, a second consecutive use leads to a lawsuit.
Greater withdrawals than the amount available in the account made possible through a bank error, expose the client to a misdemeanor theft.
In some areas, ATMs are often accompanied by several surveillance cameras, which are monitored by security guards. However, it seems that the physical safety of customers, when making transactions at the ATM, is neglected by banks. They prefer to focus on a coercitive legislation, rather than prevent forced withdrawals.