This action might not be possible to undo. Are you sure you want to continue?
ATM Risk Management and Controls
Devinaga Rasiah Lecturer, multimedia university (Malacca Campus), Malaysia E-mail: email@example.com Abstract The aim of this study is to investigate risk management, security and controls in the context of Automated teller machines (ATMs). In doing so, it adopts a non-technical approach by investigating the interrelationship and effect of risk management and controls in setting Automated Teller Machine security goals. The literature explores and discusses the risk management and different controls of ATMs. To reduce the risk of fraudulent activity, several controls can be integrated into the ATM processing environment. However, the controls should not be considered a cure-all. Keywords: ATMs, data security, risk, fraud, electronic banking, and controls.
An automated teller machine (also known as an ATM or Cash Machine), is a computerized device that provides the customers of a financial institution with the ability to perform financial transactions without the need for a human clerk or bank teller. Crime at ATM’s has become a nationwide issue that faces not only customers, but also bank operators. Security measures at banks can play a critical, contributory role in preventing attacks on customers. These measures are of paramount importance when considering vulnerabilities and causation in civil litigation and banks must meet certain standards in order to ensure a safe and secure banking environment for their customers. The Automated Teller machine is a terminal provided by bank or other financial institutions which enables the customer to withdraw cash to make a balance enquiry, to order a statement, to make a money transfer, or deposit cash. The ATMs are basically self-service banking terminals and are aimed at providing fast and convenient service to customers. Some of the new generations of ATMs are able to cash a check to the penny, dispense traveller’s cheques and postage stamps, perform stock transfers, print discount coupons, issue phone cards, and even sell concert tickets. Customers are grateful for these ATM features but they are also very concerned with ATM crime and safety.
ATMs are generally designed for through-the –wall operations as well for use in lobbies. The Banker’s magazine, September (1983), indicated that the ATMs provided convenient bank access to customers accounts 24 hours a day, seven days a week including public holidays. The lobby machines which are installed in the banking lobbies are only operational during banking hours. James Essinger (1987) indicated that “ATM machines allow banks customers who have been issued with a card and a six digit secret number known as a PIN number (Personal identification number) to perform their own banking
162 European Journal of Economics. n. Cosa R and Barriuso (2006).a. mentioned that authentication of the user is provided by the customer entering a personal identification number (PIN). Diebold Inco.100 20. As financial institutions use the migration of cash transactions to self-service terminals as a primary method of increasing branch efficiencies.213 5. Number of EFTPOS Terminals MALAYSIA as at end of period International brand payment cards1 ATM card2 2004 n. RCBC (2007). The plastic card contains a magnetic stripe or a chip that contains a unique card number and some security information. challenge banks that fear scaring customers away from the ATM. or the theft of card data. Hamelink. Even low-cost solutions. ATMs are becoming the only interaction they have with their banks. Figures in 2003-2004 include the DFLs.808 2007 2008 2009 . These ATMs normally dispense two or more denominations of paper money. Finance And Administrative Sciences .368 21. In addition. LIFBs. Miranda F. before they are credited to customers’ accounts. highlighted that customers transacting on these ATMs are guided by instructions displayed o the video screens. the ATM experience must be as safe and accommodating as possible for consumers. ATMs Transactions in Malaysia 2000 – 2004 Automated Teller Machines 2000 2001 2001 2003 2004 Number of ATMs 3. (1996) mentioned that the financial services industry has been through 'structural and operational changes since the mid-1990s. into the doors of a competitor.0 71. Kalakota and Whinston. (2000) indicated that these associated cost reductions are driving ongoing changes in banking New technology brings benefits and risks and new challenges for human governance of the developments. the secrecy surrounding such frauds.585 88. or worse. For many consumers.6 86. Recent global ATM consumer research indicates that one of the most important issues for consumers when using an ATM was personal safety and security.581 160. Customer’s advice slips are automatically printed and dispensed except for balance enquires. electronic commerce.3 110.Figures in 2000-2002 comprises domestic commercial banks.565 Volume of cash withdrawals in (million) 146.Issue 21(2010) transactions”. In recent years there has been a proliferation of ATM frauds across the globe.592 119. Figures in 2000-2003 represent transactions involving the domestic commercial banks . (2010) indicated that aside from revenue generation and cost savings. Islamic banks and finance companies.3 Value of cash withdrawals (RM billion) 62.8 Bank Negara Malaysia 2004. Card theft. such as customer awareness. All deposits have to be accounted for by the bank staff.241 5. 2005 83.052 2006 Unit 93. The industry has grave difficulty in measuring ATM fraud given the lack of a national classification.897 67. Figures include Islamic banks transactions.754 144. Managing the risk associated with ATM fraud as well as diminishing its impact are important issues that face financial institutions as fraud techniques have become more advanced with increased occurrences. is the primary objective for potential thieves because the card contains all relevant account information needed to access an account. ATMs are also becoming a competitive mark for many banks.8 77.LIFBs and finance companies. such as an expiration date and card validation code (CVC).9 193. (2002) indicated that the ATM is only one of many electronic funds transfer (EFT) devices that are vulnerable to fraud attacks. it is imperative to ensure that the customer's experience with the ATM is safe and secure.944 4. Marcia Crosland of NCR Corp.161 4. and the unfortunate fact that one cannot know the true cost of fraud until one is hit with it.1 174. Therefore.a. ATMs are becoming the face of many financial institutions.6 264.490 34.5 215. Mike Fenton (2000). and innovative use of new information technology. mentioned that over the past three decades consumers have come to depend on and trust the ATM to conveniently meet their banking needs.
The day before the case was due to come to court. In 1989. • Computer and Network attacks against ATM‘s to gather bank card information.771 29. and reconcilements remain important. also excludes Islamic Banks 10. Basic internal controls including segregation of duties. three of them when he was away with his card in Andorra.436. (2002).676. and controls to meet the new risk exposures introduced by e-banking.6 285.150. procedures. expertise.3 10.174.874.2 15.8 46. • Physical attacks against the ATM. A total of 8 cash withdrawals were carried out. Visa.1 Includes international Brand debit card and ATM card Source: BNM Annual Report (2004 – 2009)* refers to commercial banks only. Complaining to the bank was fruitless and later Mr Allan was going to sue the bank of Scotland. The magazine (1991).4 Charge card 286. the ATM experience must be as safe and accommodating as possible for consumers.2 30.237. highlighted that the key to controlling transaction risk lies in adapting effective polices.0 7.861. or trap the dispensed currency.1 245.Issue 21(2010) 16. Information security controls. ISACA (2007).7 18. the bank reached an out –of court settlement with him.5 8. As financial institutions use the migration of cash transactions to self service terminals as a primary method of increasing branch efficiencies.a Not available Note: Data is collected on a quarterly basis Number of Cards/Users of Payment Instruments as at end of period 2004 2005 2006 '000 Credit card 6. Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to the customer and to the institution and on the institution’s established risk tolerance level.1 44. become more significant requiring additional processes.847.0 9.4 61.642 18.236 30. indicated that fraud at the ATM although more difficult than at a POS. in particular.7 53.8 2007 2008 2009 Frauds at ATMs Diebold Inco.034.534. published that the UK consumer Association reported a case pf phantom withdrawals. tools.115 28.833.3 244. There are three basic types of ATM attacks: • Attempts to steal a customer‘s bank card information.583. 570 pounds was wrongly deducted from John Allans’ Bank of Scotland account. including the types of services offered and the complexity of the processes and supporting technology. THEFT OF CUSTOMER‘S BANK CARD INFORMATION Card Skimming Fake ATM machines Card Trapping/Card Swapping .817. The level of transaction risk is affected by the structure of the institution’s processing environment.6 68. Recent Global ATM consumer research indicates that one of the most important issues for consumers when using an ATM was personal safety and security*.163 E-money 1 European Journal of Economics.887.6 E-money 34. This risk exists in each product and service offered.6 285. Finance And Administrative Sciences .901.198 MasterCard. Recent occurrences of ATM fraud range from techniques such as shoulder surfing and card skimming to highly advanced techniques involving software tampering and/or hardware modifications to divert. has recently become more widespread.5 272.3 24. and testing.815.812.198 28. dual controls.461.6 Debit card1 10. American Express and Diners Club 2 Domestic PIN-based debit card scheme n. The magazine concludes that this case marks a breakthrough because the bank acknowledged that money can get debited to a account without the use of the card plus the PIN.4 21.
Types of Errors So far the ATMs have been the most widely spread application of electronic banking. It is this problem that has led to banks putting posters and other warnings on ATMs advising customers to visually inspect the machine to see if it has been altered or tampered with.Issue 21(2010) Distraction theft or ‘manual’ skimming Shoulder Surfing Leaving transaction ‘Live’ Cash trapping COMPUTER AND NETWORK ATTACKS Network attacks against ATMs Viruses and malicious software Phishing PIN cash-out attacks Utilizing a Fake PIN pad overlay PIN Interception PHYSICAL ATM ATTACKS Ram Raid Attacks Theft of ATMs Smash and Grab of ATMs Safe cutting/Safe Breaking Explosive Attacks The other most common cash dispenser fraud has become known as the "Lebanese loop" because criminals of Lebanese origin apparently first used it. Reputational Risks This is considerably heightened for banks using the Internet. even when the ATM accepts cash and cheques deposits. is common knowledge within a short space of time. Any problems encountered by one firm in this new environment may affect the business of another. This has many variations but usually involves the cash machine being tampered with so that your card is not returned to you and is then removed by the criminals: alternatively if you get your card back a device has recorded the details of your magnetic stripe. Overall. as it may affect confidence in the Internet as a whole. There is therefore a risk that one rogue e-bank could cause significant problems for all banks providing services via the Internet. This is a new type of systemic risk and is causing concern to e-banking providers. although the computer records showed that a genuine transaction had taken place. There have also been cases of phantom withdrawals and the card-holder denying being responsible for those cash withdrawals. • The customer’s account is debited but the cash is not dispensed by the ATM. For example the Internet allows for the rapid dissemination of information which means that any incident. The speed of the Internet considerably cuts the optimal response times for both banks and regulators to any incident. the Internet puts an emphasis on reputational risks.164 European Journal of Economics. Banks need to be sure those customers’ rights and information needs are adequately safeguarded and provided for. either good or bad. • The customer’s account is debited twice but the cash is only dispensed once by the ATM. Finance And Administrative Sciences . . Normally errors can occur at any time. There are various types of errors which can occur due to mechanical failure at the ATM terminal leading to the following problems:• ATM dispenses less cash to the customer but the account is debited correctly. The crooks have also captured your PIN number though some variation of shoulder surfing.
A heightened element of risk is that attacks against internet systems do not require physical presence at the site being attacked. . if a fraud or a misuse should occur. Controls of all kinds which are applicable to the Automated Teller Machine must be identified. how. and. Reviewing the Existing Operation of the ATM Installation It is essential that management identify all the various hazards to which ATM centre is exposed. A plan is normally formulated as to how these ATM risks are going to be identified. it is not even clear or detectable as to when and how attacks are launched from multiple locations in different countries In view of the proliferation and diversity of cyber attacks. The management may recommend that some of these controls be changed. what methods are going to be used to overcome these risks/threats. key logging. malware.165 European Journal of Economics. and by whom. Even though the existing ATM controls may appear to be in operation. One Time Password token) • Who you are (eg. including natural disasters or otherwise. spyware. The management normally identifies the controls that are in operation that are to reduce the possible impact of these risks/threats. The principal objectives of two-factor authentication are to protect the confidentiality of customer account data and transaction details as well as enhance confidence in internet banking by combating phishing. the controls are preformed. • Reviewing the existing ATM centre environment • Identifying the critical information processing of ATM applications • Estimating the value of the ATM assets used by these application that must be protected • Quantifying the estimated loss associated with the occurrence of a fraudulent misuse of cards of unauthorised withdrawals etc.Issue 21(2010) Management Risk Analysis Management risk analysis identifies the nature of risk involved in detail. how much loss is expected and how Bank is going to recover. Biometrics) comprises methods for uniquely recognizing humans based upon one or more intrinsic physical traits Risk analysis provides the financial institution with variable information as to how much investment it should make to enhance the security and controls of its ATM installation. John Page and Paul Hooper (1987) indicated that compliance testing is used to determine the following: • To determine whether the necessary controls are in place. At times. This evaluation helps the financial institution to decide whether it is necessary to have controls to overcome losses which may arise from various risks associated with the ATMs. the management must make sure that maintenance is preformed to ensure that the controls will be effective in the event of a fraud or misuse. • To provide reasonable assurance that the controls are functioning properly • To document when. middleman attacks and other internet-based scams and malevolent exploits targeted at banks and their customers. Finance And Administrative Sciences . This is the highest risk category that requires the strongest controls since online transactions are often irrevocable once executed. implement or modified in ways that minimize the relevant risks and the exposure associated with them. Personnel Identification Number) • What you have (eg. The bank’s internet systems may be exposed to internal or external attacks if controls are inadequate. The EDP Audit Control and Security Newsletter (March 1991) indicated that risk analysis involves 4 steps. Two factor authentications for system login and transaction authorisation can be based on any two of the following factors: • What you know (eg. banks should implement two-factor authentication at login for all types of internet banking systems and for authorising transactions.
It is important to determine a reasonable estimate of the overall value of the ATM installation. e. Estimating the ATM Loss Estimating losses can be difficult. monitoring and managing potential risk exposure considering as ATMs relates to payment systems. c) Number of Cardholders. customer’s financial data are subjected to fraudulent interception at many points. Upon management identifying the risks. Firstly to reduce the losses at the ATM and secondly to find a way to fund or recover these losses. e) Total amount withdrawn of transferred etc. ATM Security Measures Normally security measures are divided into 2 groups. technical error or deliberate action such as fraud. The following should be considered:• General Supervision • Transaction Processing • System administration Identifying the Various Areas The management can identify the major area of risks by doing an analysis or statistical sampling of the information given below. . Care should also be taken in determining the value of the installed software.value guidelines as it depends on a number of factors which the management analyses and forms a decision”. Finance And Administrative Sciences . and may more areas. changed or modified. Alvin A.Issue 21(2010) ATM Risk Management ATM risk management is a ongoing process of identifying. Withdrawals and transfers etc. f) Number of ATM reports generated etc. g) Overall review of ATM management resources etc.g. e. b) Time logged on/Settlement time. Normally the loss is only a very small percentage when compared to the overall volume and amount transacted within the bank. Dr Catherine P Smith (1987) indicated “that normally the loss could be due to human error. Arens and James K Loebbecke ( 1988) indicated “that it is not possible to establish my dollar. audit techniques can be used to evaluate the consequences of fraud or misuse at the ATM prior to recommending improved controls. Only after management have identified these areas can the controls be increased. What should be done is to find a way to reduce risks and threats to an acceptable level and to provide a method of recovery of ATM losses. d) Number of Transactions.g.166 European Journal of Economics. They should be able to form an opinion from this information below:a) Total number of ATM’s and their usage. exposure occurs when a customer transfers funds over communication links.” Most financial institutions treat ATM losses unless it is major as a small loss unless it is a major fraud. misuse or unauthorised use of the ATM card etc. There are several exposures to losses inherent in an ATM installation.
This requirement should be addressed with controls implemented at different levels of the ATM implementation. Yestingsmer (1986) indicated that “software audit techniques include a review of program listing. • Uncollected cards not only take up valuable space for storage but also pose a security risk to the bank through fraudulent use of these cards by bank staff.M Richards and J.g To separate:• application testing from systems design and programming and • System software programming from application programming. e. use to test input/output data with expected results and auditing of the ATM system processing program using error detectors built into the system. business process controls. applications controls and Platform controls. Encryption Encryption is an effective technique for protecting the ATM system. firstly the magnetic card and secondly the PINs. There are two main important elements in an ATM system. Risks/Threats • Mailed cards being intercepted before reaching the authorised address. b). . General ATM Operation and Organisation Controls The operation and organisational controls are designed to ensure that functions are segregated among individuals. The advantage is that it helps to analyse the way in which the ATM program operates. Most ATM systems rely heavily on programmed controls within the ATM system software. There are several good security packages that can monitor an ATM software execution to detect possible tampering with the programs. These ATM utility programs provide the opportunity for management to examine that the ATM programs are being properly executed and are not being overridden or by-passed. Tracing is software used by the auditor to identify which instructions were used in a program and in what order”. Miklos A Vasarhelyi and Thomas W Lin (1988) indicated that “there should be segregation” in order to limit an individual to only one interface with the system. The ATM Audit Log The ATM audit log provides information that is recorded after the incident. By using the audit software. The ATM audit log is useful as it identifies and diagnoses security violation.167 European Journal of Economics. Making of the PINs is not to be carried out by people who are processing the cards. This means there is little risk if disclosure. 1. It traces figures contained in a report back to the point of processing and from processing to the source of the input. frauds and misuses can be detected in a timely manner. Software Auditing R. Integrity and Availability (CIA). hence it is important to separate the system development individuals. This technique is to make intercepted data useless to the interceptor by making it too difficult or too expensive to decipher. Finance And Administrative Sciences . c). Controls In general the process should ensure Confidentiality. Software auditing provides system integrity to management and also provides an opportunity for management to identify security and control weakness. such as General Application controls.Issue 21(2010) Measures to Reduce the Losses a).
Furthermore the envelopes should be issued based on a predetermined control number. Appropriate control should be included during reconciliation. The PIN is forwarded to the customer in a separate mailer on a different day. If control and security is not tight. PINs which are generated for the customer can be derived from the customer’s account number and a logarithm used. . A temporary PIN is issued which can be used at the ATM immediately. This is a number consisting of four numerical characters which is essentially a cardholder’s password. 2. the embossing department should be kept locked. This can be achieved by proper segregation of duties. For security reasons all systems documentation concerning PIN generation/encryption and decryption keys must be under tight control at all times. Mailing of the PIN is carried out subsequent to card mailing. Risks/Threats There are a number of risks involved in the management of PIN numbers:1 There is the integrity of the PIN itself. as holders may be tempted to write down their number to remember them. • Inadequate supervision of embossing of the card. It is important for security reasons that the request for a new PIN should be in writing. Adequate control should be carried out when PIN is produced for mailing. Finance And Administrative Sciences . 3 PINs longer than four digits are security hazards. Business Process Controls In general no one person should handle all the transactions. where control on card issuance should be rigorous after embossing. Security and Control of PIN (Personal Identification Number) A PIN is a “personal identification number” . the method of selecting PIN or encryption keys may become known and duplicated PINs and mailers be prepared. 4 Issuing replacement PIN numbers to customers. if they fall into the wrong hands and are misused. Personnel having access to cards must be denied access to PINs whenever cards are prepared and processed. These PINs are normally stored in an encrypted form at the ATM. The PIN mailers are prepared separately. extreme care must be taken when requests for new PINs are made. If the person making the request has stolen the card or is not authorised to use it. • Stolen cards not being reported immediately • Stocks of blank cards could lead to unauthorised cards being issued leading to fraud. Furthermore. During hours of non-production. PINs can be assigned by the institution or can be customer selected. Application Controls For controls and security purpose the PIN which is in encrypted form is stored in a database file for security purposes. Later the customer has the choice of selecting his own PIN number at the ATM.Issue 21(2010) • Retained cards – these ATM cards pose an even greater risk. Application Close supervision is necessary within the embossing department.168 European Journal of Economics. The PIN is only activated upon the use of the card by the customer at the ATM. 2 The PIN mailers are intercepted during mailing. verification of withdrawals and date/time of transactions was completed. There should be two staff in charge of the process in order to have dual accountability for stock. the true owner of the card stands to lose a substantial sum of money.
Normally insurance companies provide banks with a Bankers Insurance Coverage. .169 European Journal of Economics. Communication Controls i. Encryption II. institutions must be prepared to educate clients on the benefits and train them in the use of the new technology. Platform Controls Controls to consider should include:I. This must be considered and adequately planned for. • Any changes to cardholder details should be authorised by the officer at the next level. Failing to do so can reduce adoption rates and/or lead to a rejection of the technology by the targeted clients. technology will never solve the problems of an inefficient and poorly managed institution. Communication protocols ii. deletion or changes to ATM transaction details should be implemented. This covers all transfers of funds which are lost as a result of a fraudulent input into system. Institutions need to make sure they are able to track funds that have been deposited into the ATMs but not yet accounted for in central accounts as fraud or errors may be involved with the deposit. It is important to have a recovery procedure which will identify if losses occur through the ATMs. The PIN must be scrambled or encrypted if printed or displayed on terminal screens. which includes losses that “the cover needed will vary depending upon the risk”. when switching from highly personalized services to automated transactions. 3. technology may just automate problems and highlight inefficiencies. • Every ATM transaction should be acknowledged by e-mail or a short message script sent to the mobile phone to confirm or alert the user that a transaction was performed. On its own. For control and security reasons the PIN mailers should not have direct reference or correlation to the customer’s account number or identification of the financial institution. Finance And Administrative Sciences .Issue 21(2010) For control purposes confirmation of numbers of PINs generated must be carried out against the total application approved. Clients are often relationship oriented and enjoy person-to-person transactions. It is recommended that the customer’s PIN should not be displayed on the PIN mailer. These transactions build trust and familiarity while automating processes can depersonalize services and alienate clients. At such an institution. When initiating new technologies such as offering financial services through ATMs. Encryption protocols etc Measure to Use if Fraud does occur at the ATMs Unfortunately. • Realistic maximum transaction and maximum daily total limits should be implemented for ATM withdrawals. It is important for financial institutions to have a straight loss control program in order to fully protect its ATM customers itself. • Printed receipts should be dispensed by the ATM for every ATM transaction. Other Controls are as follows:• Access controls and authorisation to any addition. Algorithm III. losses and security breaches do occur. ATMs require a high degree of additional control beyond those traditionally employed by financial service providers. In addition to the Bankers Insurance cover there is also computer crime insurance cover.
this creating relationships with banks. Internet. Banks should provide their customers with convenience. and they get involved more. With e-banking banks can reduce their overall costs in two ways: cost of processing transactions is minimized and the numbers of branches that are required to service an equivalent number of customers are reduced. This means that banks can offer a wider range and newer services online to even more customers than possible before. physical branches) and have more functions available online. it is important to note that they vary significantly. from anywhere. By utilizing careful ATM analysis and the best prevention and reduction methods acceptable levels of ATM risks can be maintained.170 • • • • • • • • • • • • European Journal of Economics. The benefit which is driving most of the banks toward e-banking is the reduction of overall costs. One of the benefits that banks experience when using e-banking is increased customer satisfaction. But e-banking is a difficult business and banks face a lot of challenges. This due to that customers may access their accounts whenever. Finance And Administrative Sciences . Other benefits are expanded product offerings and extended geographic reach. . With all these benefits banks can obtain success on the financial market. meaning offering service through several distribution channels (ATM.Issue 21(2010) Some suggested Audit EFT Procedures Physical Controls Process Controls Transmission and System failures System logon controls Messaging controls Transfer Controls PIN controls Card Controls Back –end application Front end application Transaction Journal/ Audit Trail Visible Terminals. Source: ISACA -Information Systems Audit and Control Association (2007) Conclusion Praveen Dalal (2006) indicated that although comprehensive computer insurance cover is available to Banks for losses relating to ATMs.
The Sydney Morning Herald. Addison Wesley. Banking systems and technology.” MicroFinance Network. Taking ATM fraud prevention to the next level.0/id. Marcia Crosland. Their organisation security and finance. Computer crime research centre Preventive measure for ATM frauds.171 1] 2] 3] 4] 5] 6] 7] 8] 9] 10] 11] 12] 13] 14] 15] 16] 17] 18] 19] 20] 21] 22] 23] 24] 25] 26] 27] 28] 29] European Journal of Economics. published by Elservier Int Bulletin Chp 6 Future developments.bankinfosecurity. "The Ethics of Cyberspace. Vol XVIII No 8. John and Paul H (1987) Accounting and information System. London. 2001. Edition.detail/catid. Alvin AA and James K Loebbecke (1988) .Acss Control software: What it will and will not do. B. http://www. Consumer behaviour drives innovation inn ATM technology. Anita & Sarah Halpern. Mike Fenton (2008) by Admin. James essinger (1987). Harlow.com/headlines. ATM Networks.com.europa.atmsecurity. http://www. 3 editions Prentice Hall. "Electronic Commerce: A Manager’s Guide" 2nd Edition. October 2008.5/search.(2010). “Automating Microfinance: Experience from Latin America. Finance And Administrative Sciences .26/task. Campion.cgap. and Africa. Kalakota. Roy Martin R and Jan Y (1986) Computer and Security Risk Management. and A." Sage.eu http://www.. Is Auditing Procedure (Electronic Fund Transfer( EFT). Diebold Inco. www. Robert Parker. (2002).uk/2006/11/18/mp3_player_atm_hack/ http://www. Asia.theregister. Electronic Banking (e Banking) Consumer protection Policy. N. ‘Bondi banks scam: ATM alert‘. Pitman Books Ltd. 2001.eu McGlasson L.info/2006/09/25/atm-hacking-and-cracking-to-steal-money-with-atmbackdoor-default-master-password/ http://www. Chp16.html http://www.Ind. Andrew D Chambers (1981). RCBC (2007) Rizal Commercial Banking Corporation. Information Systems Audit and Control Association.com/threatlevel/2009/04/pins/ https://www. Computer Auditing Insurance. The EDP Audit. NCR Corp. Chp5.0/mode.CG AP IT Innovations Series www. Whinston.com/monthly-digest/atm-security-monthly-digest/atm-fraud-andsecurity-digest-march-2009.wired. C. Praveen Dalal (2006) Preventive measures for ATM Frauds.co.computerworld.org/publications/microfinance_technology.isaca.mydigitallife. http:/www. ‘ATM Fraud: Growing Threats to Financial Institutions‘. Compliance testing in a computer environment.mfnetwork. Bank Info Security.com ATM crime (2009): Overview of the European situation and golden rules on how to avoid it." Kogan Page.Issue 21(2010) ISACA// www.european-atm-security.org/bookmarks/Itemid.html References and sources .1/navstart. London.. Auditing an integrated approach 4 th edition Chp8 pg 231-269 prentice hall Int. Robinson G. A key to security in Electronic Funds Transfer System Elsevier Science publishers. ISACA (2001) . "Living the Brand. ATM Fraud Security white paper. The Blog. 2000.europol.atmmarketplace.denverpost. Hamelink.org/glossary(2007) http://www. R.com/securitytopics/security/story http://www. Control and Security Newsletter (1991) EDPACS.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.