2. Banking Technology – M.Tech (IT)
In Brief
• Types, Models and Features of ATM
• Functions and Components of an ATM
• The Card
• Operations and Security
• Transaction Flow and Shared Networks
• Disputes and Resolution
• Frauds
• Customer Education
3. Banking Technology – M.Tech (IT)
Introduction
• Philip Kotler once said- “Customer is the king. He is not
dependent on us. Rather we are dependent on him”.
• This dependency is causing banks to keep the customer
happy…ATM was perhaps the first step in this direction…
• Barclays claims to have installed the world’s first cash
Dispenser in 1967
• 1st
generation machines were offline
• Major step in 1972 when Lloyds Bank in the UK installed
in the first on-line “Cash-Point” machines developed by
IBM
• It took 16 years for the first 1,00,000 cash dispensers to be
installed, but only four years more for the next 1, 00,000
• Now, India alone has more than 1,60,000 ATMs
4. Banking Technology – M.Tech (IT)
ATM Types & Features
• ATMs are broadly
classified under two types.
– Cash Dispensers
– Full Function ATMs.
• ATM Models –
– Lobby Type
– Wall Type
– Drive-in
•Bio-metrics enabled
•Audio visual support
•Special designs for the
physically challenged users
6. Banking Technology – M.Tech (IT)
Key Requirements at the ATM Level
• Transaction and operational security.
• Message Encryption (Triple DES)
• Vandalism and Tamper Proofing
• Authorization methods to suit variety of
authorization needs.
• Message tokenization.
• Management Reporting Capabilities
• Terminal interactive timer.
7. Banking Technology – M.Tech (IT)
ATM Services…
• Cash Withdrawal
• Balance enquiry
• Mini statement
• Change of PIN
Mobile Recharge / Top ups
Airline Ticket Booking
VISA Money Transfer/Card to card
transfer
Funds Transfer to own accounts
Donations to Trusts
Utility Bills Payments
Service Requests
Fee Payment
SMS Alert Registrations
Registration for Mobile Banking /SMS
Alerts
Direct Tax Payment
Inter Bank/Intra Bank fund transfer
through IMPS
Deposits of Cash / Cheque
Donations
Request for Cheque Books
8. Banking Technology – M.Tech (IT)
The ATM Card
• A magnetic card with PIN
• The magnetic strip is present on the reverse
upper portion of the card & helps in
identification of cardholder & issuer
• The strip contains data for authorization of the
transactions
• Encoding standards for the 3 strips:
– Track 1-ISO 7813.
– Track 2-ISO 7813.
– Track 3- ISO 4909.
10. Banking Technology – M.Tech (IT)
The Three Tracks…
• There are three tracks on the magstripe. Each track
is 0.110-inch wide. The ISO/IEC standard 7811,
which is used by banks, specifies:
• Track 1 is 210 bits per inch (bpi), and holds 79
six-bit plus parity bit read-only characters.
• Track 2 is 75 bpi, and holds 40 four-bit plus parity
bit characters.
• Track 3 is 210 bpi, and holds 107 four-bit plus
parity bit characters.
11. Banking Technology – M.Tech (IT)
• The information on track one is contained in two formats -- A,
which is reserved for proprietary use of the card issuer, and B, which
includes the following:
• Start sentinel -- 1 character
• Format code="B" -- 1 character (alpha only)
• Primary account number -- up to 19 characters
• Separator -- 1 character
• Country code -- 3 characters
• Name -- 2-26 characters
• Separator -- 1 character
• Expiration date or separator -- 4 characters or 1 character
• Discretionary data -- enough characters to fill out maximum record
length (79 characters total)
• End sentinel -- 1 character
• Longitudinal Redundancy Check (LRC), a form of computed check
character -- 1 character
12. Banking Technology – M.Tech (IT)
• The format for track two, developed by the banking
industry, is as follows:
• Start sentinel -- 1 character
• Primary account number - up to 19 characters
• Separator -- 1 character
• Country code -- 3 characters
• Expiration date or separator -- 4 characters or 1 character
• Discretionary data -- enough characters to fill out
maximum record length (40 characters total)
• LRC -- 1 character
13. Banking Technology – M.Tech (IT)
Track 3
• Track three is a read/write track (that
includes an encrypted PIN, country
code, currency units, amount authorized),
but its usage is not standardized among
banks.
14. Banking Technology – M.Tech (IT)
Details on an ATM Card
• Bank logo
• Customer name, date of issue and expiry date is
embossed on the front
• Scanned photograph along with signature on the
front
• Space for signature of the cardholder is available
on the reverse of the card
• Logo of Master/Visa/Electron/Cirrus is also
printed on the reverse side of the card if the bank
is a member of the above
15. Banking Technology – M.Tech (IT)
Other Cards Too
• Now a lone ATM card is becoming a rarity.
• Cards that can be used with an ATM are:
– Debit Card
– Credit Card: Many credit cards allow
cardholders to get cash advances at ATMs,
although the cash advance feature is peripheral
to the much more common credit feature
– Soon, Smart Card too
16. Banking Technology – M.Tech (IT)
On Site Vs Off Site ATM
• On-site ATM is located within the premises of
the branch and Off-site ATM is located far
away from the branch
• Every Branch should have an ATM (on-site).
• Off-site ATM location: influenced by a variety
of factors.
17. Banking Technology – M.Tech (IT)
ATM
TERMINAL
S
W
I
T
C
H
DATABASE
BANK
Server
CARD
HOLDER
Cash if approved
Rejection on negative response
ATM Operation
18. Banking Technology – M.Tech (IT)
TYPICAL CASH WITHDRAWAL FROM
AN ATM ACROSS A SHARED ATM
NETWORK
19. Banking Technology – M.Tech (IT)
Security Features
• Enough controls to protect institutions and
cardholders from frauds
• PIN, which has 6561 permutations excluding
zero & 10,000 including it –
• Triple DES Encryption
• Hardware Security Module (HSM) for PIN
generation and Validation
• Operational security - access control, audit
trails
• Real Time Online Monitoring of the ATM
Network
20. Banking Technology – M.Tech (IT)
Disputes & Resolution
• Transaction Log files from ATM Switch
• ATM journal
• Transaction in CBS
• Claim by other Agencies like NPCI /
VISA /Master / CCD
• Physical Cash at ATM
21. Banking Technology – M.Tech (IT)
DCMS & DCRS
• Debit Card Management System – for issue
and maintenance of Debit Cards
• Debit Card Reconciliation System – for
Managing ATM transactions.
22. Banking Technology – M.Tech (IT)
DCRS Inputs
DCRS receives the following files for processing:
•Transaction Log File from ATM Switch
•Transaction file from CBS
•NFS Issuer / Acquirer file from NPCI
•VISA Issuer / Acquirer, MDS and CCD files from
Credit Card Department.
•Electronic Journal files from ATM Service
Providers
23. Banking Technology – M.Tech (IT)
The Reconciliation Process…
The recon process compares the following data:
•Transaction Log File from ATM Switch vs. Transactions files from CBS
•Transaction Log File from ATM Switch vs. NFS Issuer / Acquirer file from
NPCI
•Transaction Log File from ATM Switch vs. VISA Issuer / Acquirer file from
VISA, Master Debit Card files and CCD Files from Credit Card department.
•Transaction Log File from ATM Switch vs. Electronic Journal file from
ATM
In each recon process three reports will be generated.
•Matched report
•Unmatch1 report
•Unmatch2 report
24. Banking Technology – M.Tech (IT)
ATM Frauds
• The security attacks on transactions typically take one of the
following ways:
– Through Lost, stolen or fraudulent cards.
– Invalid transactions are attempted using valid cards.
– Possibility of tampering/deleting/corrupting transaction messages.
– Messages can be tampered with altering the contents of transactions.
– Transaction messages are intercepted and recorded during
transmission and relayed later for personal financial gain.
• Key Fraud Types
– Skimming
– Theft (of PIN/Card)
– Robbery (of the user or of the machine)
– Shoulder surfing’ – where criminals look over a cash machine user’s
shoulder to watch them enter their PIN, then steal the card
25. Banking Technology – M.Tech (IT)
Customer Education
• Be alert
• Trust no one
• Stay away from ill-lit ATMs
• Treat your ATM card like cash – with care, don’t
share & don’t write on it
• Keep PIN a secret
• Minimise the time
• Put away the cash