Saturday, August 22, 2009


ATM Security

ATMs keep your personal identification number (PIN) and other information safe by using encryption software such as Triple DES (Data Encryption Standard). But there are lots of things that you can do to protect your information and your money at an ATM.
Note: Your ATM PIN should be a number that you can easily remember, but that would not be readily available to thieves.

Bank ATM Security Advice

ATM bank cash machines have been incorporated in our way of life. They offer a real convenience to those on the run, but at the same time offer an element of risk. Using a bank ATM machine safely requires awareness and a little planning. Just because a bank ATM machine is open and available 24-hours a day doesn't mean it is always safe to use it.


Most bank ATM robberies occur at night between 7pm and midnight when the machine only produces 10% of the daily transactions. Between 7pm and 4am, the ATMs handle only 11% of the total daily transactions but suffer 60% of the crime.

Who Are the Robbers?

Bank ATM robbers are usually males under 25 years of age and most work alone. ATM robbers usually position themselves nearby (50 feet) waiting for a victim to approach and withdraw cash. Half of the ATM robberies occur after the cash withdrawal. Many ATM robbery victims are women and were alone when robbed. Most claim that they never saw the robber coming. Most ATM robbers used a gun or claimed to have a concealed weapon when confronting the victim and demanding their cash.

Pick a Safe Location

Use only bank ATM machines in well-lighted, high-traffic areas. ATMs inside busy supermarkets are considered safer. Don't use ATM machines that are remote or hidden such as being located behind buildings, behind pillars, walls, or away from public view. Beware of obvious hiding places like shrubbery or overgrown trees. ATM robbers like to have the element of surprise and no witnesses. Robbers like good escape routes like nearby freeway on-ramps or high speed thoroughfares.

Get a list of ATM locations from your bank and keep it in your car. Choose an ATM that looks and 'feels' safer, even if it is a couple of miles out of the way. Try and limit your use to daylight hours. Take someone with you after hours, if you can. When you drive up to an ATM location, scan the area for any suspicious persons. If you see anyone suspicious that is standing nearby or sitting alone in a car, drive away. When you approach an ATM on foot be prepared and have your ATM card ready. Memorize your personal PIN number to prevent loss and speed the transaction. After inserting your card and your PIN number keep an eye out behind you (the robbers always come from behind or the side). Never accept an offer to help or request for help from a suspicious male at the machine.

Be Alert

If anyone suspicious or seemingly dangerous approaches terminate your transaction and leave immediately, even if it means running away and leaving your ATM card in the machine. First, tell the suspicious male in a loud, firm voice to "back-off" and leave you alone. This is designed to startle the person and give you time to flee, if appropriate. It is far easier to apologize later or suffer a little embarrassment for your fear than to become a robbery victim. When you receive cash from the machine put it away immediately, extract your card, and walk away.

If you use your car at a bank drive-thru ATM machine the same rules apply. Make sure there are no obvious hiding places or suspicious persons loitering in the area. If there are, listen to your gut instinct and drive away. Keep your doors locked and the car in gear, with your foot firmly on the brake, while using the ATM machine. Keep a close eye on your rear and side view mirrors during the transaction. Robbers almost always approach from the rear on the drivers’ side. If you see anyone approaching, drive off even if it means leaving your ATM card behind. If you are confronted by an armed robber, just give up your money without argument. The cash is not worth serious injury or death. Get to a safe place and call the police immediately or preferably report to your bank immediately, especially in the case where you had to flee leaving your card behind.

Before I go ahead with the ATM Security precautions, let me take you back a little to how the ATM works;

How Do ATMs Work?

An ATM is simply a data terminal with two input and four output devices. Like any other data terminal, the ATM has to connect to, and communicate through, a host processor. The host processor is analogous to an Internet service provider (ISP) in that it is the gateway through which all the various ATM networks become available to the cardholder (the person wanting the cash).

Most host processors can support either leased-line or dial-up machines. Leased-line machines connect directly to the host processor through a four-wire, point-to-point, dedicated telephone line. Dial-up ATMs connect to the host processor through a normal phone line using a modem and a toll-free number, or through an Internet service provider using a local access number dialed by modem.

Leased-line ATMs are preferred for very high-volume locations because of their thru-put capability, and dial-up ATMs are preferred for retail merchant locations where cost is a greater factor than thru-put. The initial cost for a dial-up machine is less than half that for a leased-line machine. The monthly operating costs for dial-up are only a fraction of the costs for leased-line.
The host processor may be owned by a bank or financial institution, or it may be owned by an independent service provider. Bank-owned processors normally support only bank-owned machines, whereas the independent processors support merchant-owned machines.

You're probably one of the millions who has used an ATM. As you know, an ATM has two input devices:

Card reader - The card reader captures the account information stored on the magnetic stripe on the back of an ATM/debit or credit card. The host processor uses this information to route the transaction to the cardholder's bank.
Keypad - The keypad lets the cardholder tell the bank what kind of transaction is required (cash withdrawal, balance inquiry, etc.) and for what amount. Also, the bank requires the cardholder's personal identification number (PIN) for verification. Federal law requires that the PIN block be sent to the host processor in encrypted form.

And an ATM has four output devices:
Speaker - The speaker provides the cardholder with auditory feedback when a key is pressed.
Display screen - The display screen prompts the cardholder through each step of the transaction process. Leased-line machines commonly use a monochrome or color CRT (cathode ray tube) display. Dial-up machines commonly use a monochrome or color LCD.
Receipt printer - The receipt printer provides the cardholder with a paper receipt of the transaction.
Cash dispenser - The heart of an ATM is the safe and cash-dispensing mechanism. The entire bottom portion of most small ATMs is a safe that contains the cash.



Eavesdropping refers to the threat that the attacker connects or taps into the transmission media and gain unauthorized access to the data. It is one of the most common attacks to the network.


Spoofing attack means that an attacker tries to impersonate another user to the third part therefore can get access to resources belonging to the victim to take advantages or just destroy them. Spoofing might need special tools to manipulate the protocol data unit. And sometimes it might require the attacker has special access permission, say, must be the super user in UNIX environment. However, since a network will be connected to many untrusted networks via the Internet, it's impossible to prevent a hacker from getting this access permission or even trace the people with this particular access permission. ATM is being implemented in public domain. Therefore, it is subject to this kind of attack also.

Service Denial

ATM is a connection-oriented technique. A connection, which is called Virtual Circuit(VC) in ATM, is managed by a set of signals. VC is established by SETUP signals and can be disconnected by RELEASE or DROP PARTY signals. If an attacker sends RELEASE or DROP PARTY signal to any intermediate switch on the way of a VC, then the VC will be disconnected. By sending these signals frequently, the attacker can greatly disturb the communication between one user to another, therefore will disable the Quality of Service(QoS) in ATM. Combining this technique with other tricks like eavesdropping, the attacker can even completely block one user from another.

Stealing of VCs

If two switches in an ATM network compromise, the attacker can even steal a VC from another user. When we consider ATM internetworking, in which case cells will travel through different ATM networks, it will be very easy for two switches to compromise.

Traffic Analysis

Traffic analysis; refers to a threat that the hacker can get information by collecting and analyzing the information like the volume, timing and the communication parties of a VC. Volume and timing can reveal a lot of information to the hacker even though the data is encrypted, because encryption won't affect the volume and timing of information.

In summary once more, never forget this few ATM Security Tips;

• Be alert and conscious of your surroundings when using the ATM.
• Don't use an ATM machine located in a dark or obscure location
• Never give your card or PIN( Personal Identification Number) to anyone, for any reason.
• Be very conscious of persons hanging around the ATM machine
• Dont write your PIN on the card or anything that is kept with the card.
• Do not insert your card until asked to do so by the display screen
• Never use an ATM with a blank screen and, if the ATM is obscured from view or poorly lit, leave immediately and find another ATM.
• Stand close to the ATM and use your body and hand as shield to make sure nobody sees you keying in your pin
• Never accept help from strangers when using an ATM. You should be wary of strangers asking for help. The elderly, or physically challenged persons should take along with them trusted persons to assist them.
• Criminals work in teams- one to distract you while the other steals your card or money.
• If your card is retained (swallowed) by the ATM it is advisable to contact your bank immediately
• It is advisable to set a daily ATM withdrawal limit on your account.
• Sign up for SMS alert, so that you are alerted whenever any withdrawal is made in your account

Hope this helps alot out there.

Eta Uso (MCTS, A+)


Anonymous said...

You really did a great job with the information u let out,we could be a good friend u kw,u can reach me in dis email japatemmy,I think we can floop together because we have alot of things together take care.

Eta said...

@ Anonymous, thanks and welcome. sure we can be friends

Anonymous said...

My name is Mary Davis I was browsing internet and found your blog. The author did a great job. I will subscribe to your RSS feeds. Thank you for your contribution. I am a web designer myself. And here some examples of the websites that I designed for loans payday loans company.

Linkon Khan said...

I am really happy to see you blog.Important information sharing here.For your contribution a lot of thanks.
leased line