European Journal of Economics, Finance and Administrative Sciences ISSN 1450-2275 Issue 20 (2010) © EuroJournals, Inc.


ATM Risk Management and Controls
Devinaga Rasiah Lecturer, multimedia university (Malacca Campus), Malaysia E-mail: Abstract The aim of this study is to investigate risk management, security and controls in the context of Automated teller machines (ATMs). In doing so, it adopts a non-technical approach by investigating the interrelationship and effect of risk management and controls in setting Automated Teller Machine security goals. The literature explores and discusses the risk management and different controls of ATMs. To reduce the risk of fraudulent activity, several controls can be integrated into the ATM processing environment. However, the controls should not be considered a cure-all. Keywords: ATMs, data security, risk, fraud, electronic banking, and controls.

ATM An automated teller machine (also known as an ATM or Cash Machine), is a computerized device that provides the customers of a financial institution with the ability to perform financial transactions without the need for a human clerk or bank teller. Crime at ATM’s has become a nationwide issue that faces not only customers, but also bank operators. Security measures at banks can play a critical, contributory role in preventing attacks on customers. These measures are of paramount importance when considering vulnerabilities and causation in civil litigation and banks must meet certain standards in order to ensure a safe and secure banking environment for their customers. The Automated Teller machine is a terminal provided by bank or other financial institutions which enables the customer to withdraw cash to make a balance enquiry, to order a statement, to make a money transfer, or deposit cash. The ATMs are basically self-service banking terminals and are aimed at providing fast and convenient service to customers. Some of the new generations of ATMs are able to cash a check to the penny, dispense traveller’s cheques and postage stamps, perform stock transfers, print discount coupons, issue phone cards, and even sell concert tickets. Customers are grateful for these ATM features but they are also very concerned with ATM crime and safety. Background Studies ATMs are generally designed for through-the –wall operations as well for use in lobbies. The Banker’s magazine, September (1983), indicated that the ATMs provided convenient bank access to customers accounts 24 hours a day, seven days a week including public holidays. The lobby machines which are installed in the banking lobbies are only operational during banking hours. James Essinger (1987) indicated that “ATM machines allow banks customers who have been issued with a card and a six digit secret number known as a PIN number (Personal identification number) to perform their own banking

83.490 144. These ATMs normally dispense two or more denominations of paper money.100 93. Kalakota and Whinston.6 86.213 5. Even low-cost solutions. Number of EFTPOS Terminals MALAYSIA as at end of period 2004 2005 2006 2007 2008 2009 Unit International brand payment cards 1 n. Customer’s advice slips are automatically printed and dispensed except for balance enquires.9 193. Marcia Crosland of NCR Corp. highlighted that customers transacting on these ATMs are guided by instructions displayed o the video screens.Issue 21(2010) transactions”.0 71. challenge banks that fear scaring customers away from the ATM.808 .897 160.8 77.3 Value of cash withdrawals (RM billion) 62. Miranda F. and the unfortunate fact that one cannot know the true cost of fraud until one is hit with it. Card theft.5 215. Figures include Islamic b anks transactions. Mike Fenton (2000). In addition. such as an expiration date and card validation code (CVC). Managing the risk associated with ATM fraud as well as diminishing its impact are important issues that face financial institutions as fraud techniques have become more advanced with increased occurrences. ATMs are also becoming a competitive mark for many banks.1 174. ATMs Transactions in Malaysia 2000 – 2004 Automated Teller Machines 2 000 2001 2001 2003 2004 Number of ATMs 3. The industry has grave difficulty in measuring ATM fraud given the lack of a national classification. LIFBs. (2000) indicated that these associated cost reductions are driving ongoing changes in banking New technology brings benefits and risks and new challenges for human governance of the developments.8 Bank Negara Malaysia 2004. or worse. The plastic card contains a magnetic stripe or a chip that contains a unique card number and some security information. before they are credited to customers’ accounts. All deposits have to be accounted for by the bank staff.6 264. or the theft of card data. it is imperative to ensure that the customer's experience with the ATM is safe and secure.581 88. Hamelink.162 European Journal of Economics. Finance And Administrative Sciences . Islamic banks and finance companies. is the primary objective for potential thieves because the card contains all relevant account information needed to access an account. (2010) indicated that aside from revenue generation and cost savings. Figures in 2000-2003 represent transactions involving the domestic commercial banks .a. 20. the secrecy surrounding such frauds.161 4. In recent years there has been a proliferation of ATM frauds across the globe.592 34. Recent global ATM consumer research indicates that one of the most important issues for consumers when using an ATM was personal safety and security. such as customer awareness.Figures in 2000-2002 comprises domestic commercial banks.a.241 5.944 4.754 67. the ATM experience must be as safe and accommodating as possible for consumers.585 ATM card 2 n. (1996) mentioned that the financial services industry has been through 'structural and operational changes since the mid-1990s. (2002) indicated that the ATM is only one of many electronic funds transfer (EFT) devices that are vulnerable to fraud attacks. Therefore. and innovative use of new information technology. ATMs are becoming the only interaction they have with their banks. Diebold Inco.3 110. Figures in 2003-2004 include the DFLs. into the doors of a competitor.565 Volume of cash withdrawals in (million) 146. For many consumers. mentioned that over the past three decades consumers have come to depend on and trust the ATM to conveniently meet their banking needs. ATMs are becoming the face of many financial institutions.368 119.LIFBs and finance companies. mentioned that authentication of the user is provided by the customer entering a personal identification number (PIN). RCBC (2007). Cosa R and Barriuso (2006). electronic commerce.052 21. As financial institutions use the migration of cash transactions to self-service terminals as a primary method of increasing branch efficiencies.

This risk exists in each product and service offered.1 68.887. procedures. 570 pounds was wrongly deducted from John Allans’ Bank of Scotland account. three of them when he was away with his card in Andorra.3 24.815.534.3 244.236 30.174.847. Recent occurrences of ATM fraud range from techniques such as shoulder surfing and card skimming to highly advanced techniques involving software tampering and/or hardware modifications to divert. American Express and Diners Club Domestic PIN-based debit card scheme n. • Computer and Network attacks against ATM‘s to gather bank card information. has recently become more widespread.7 18. Visa.a Not available Note:Data is collected on a quarterly basis Number of Cards/Users of Payment Instruments as at end of period 2004 2005 2006 2007 2008 2 009 '000 Credit card 6. and controls to meet the new risk exposures introduced by e-banking.6 30.0 7.5 272.2 Debit card 1 10.198 28. expertise.1 44.901.771 29. the ATM experience must be as safe and accommodating as possible for consumers.1 245. also excludes Islamic Banks Frauds at ATMs Diebold Inco. As financial institutions use the migration of cash transactions to self service terminals as a primary method of increasing branch efficiencies. or trap the dispensed currency. Recent Global ATM consumer research indicates that one of the most important issues for consumers when using an ATM was personal safety and security*. The magazine concludes that this case marks a breakthrough because the bank acknowledged that money can get debited to a account without the use of the card plus the PIN.642 18. the bank reached an out –of court settlement with him. A total of 8 cash withdrawals were carried out. Basic internal controls including segregation of duties.833.861. ISACA (2007). and testing.3 10. in particular. dual controls.4 10.6 285. • Physical attacks against the ATM.5 8.198 MasterCard. indicated that fraud at the ATM although more difficult than at a POS. Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to the customer and to the institution and on the institution’s established risk tolerance level.436. The day before the case was due to come to court. The level of transaction risk is affected by the structure of the institution’s processing environment.6 E-money 34. become more significant requiring additional processes. highlighted that the key to controlling transaction risk lies in adapting effective polices. Finance And Administrative Sciences .7 53.812. There are three basic types of ATM attacks: • Attempts to steal a customer‘s bank card information.034.6 285. Information security controls.8 46.583.0 9. In 1989.163 1 2 European Journal of Economics.4 21. including the types of services offered and the complexity of the processes and supporting technology. The magazine (1991).461.6 Charge card 286.115 28.874.150.237.817. and reconcilements remain important. Complaining to the bank was fruitless and later Mr Allan was going to sue the bank of Scotland.2 15. THEFT OF CUSTOMER‘S BANK CARD INFORMATION Card Skimming Fake ATM machines Card Trapping/Card Swapping .Issue 21(2010) E-money 16.676.8 Includes international Brand debit card and ATM card Source: BNM Annual Report (2004 – 2009)* refers to commercial banks only.4 61. tools. (2002). published that the UK consumer Association reported a case pf phantom withdrawals.

For example the Internet allows for the rapid dissemination of information which means that any incident. although the computer records showed that a genuine transaction had taken place. is common knowledge within a short space of time. . even when the ATM accepts cash and cheques deposits. This is a new type of systemic risk and is causing concern to e-banking providers. Banks need to be sure those customers’ rights and information needs are adequately safeguarded and provided for. the Internet puts an emphasis on reputational risks. Overall. The crooks have also captured your PIN number though some variation of shoulder surfing. as it may affect confidence in the Internet as a whole. Any problems encountered by one firm in this new environment may affect the business of another. There is therefore a risk that one rogue e-bank could cause significant problems for all banks providing services via the Internet. There are various So far the types of errors which can occur due to mechanical failure at the ATM terminal leading to the following problems:• ATM dispenses less cash to the customer but the account is debited correctly. It is this problem that has led to banks putting posters and other warnings on ATMs advising customers to visually inspect the machine to see if it has been altered or tampered with. • The customer’s account is debited but the cash is not dispensed by the ATM.Issue 21(2010) Distraction theft or ‘manual’ skimming Shoulder Surfing Leaving transaction ‘Live’ Cash trapping COMPUTER AND NETWORK ATTACKS Network attacks against ATMs Viruses and malicious software Phishing PIN cash-out attacks Utilizing a Fake PIN pad overlay PIN Interception PHYSICAL ATM ATTACKS Ram Raid Attacks Theft of ATMs Smash and Grab of ATMs Safe cutting/Safe Breaking Explosive Attacks The other most common cash dispenser fraud has become known as the "Lebanese loop" because criminals of Lebanese origin apparently first used it. The speed of the Internet considerably cuts the optimal response times for both banks and regulators to any incident. either good or bad. Normally errors can occur at any time. This has many variations but usually involves the cash machine being tampered with so that your card is not returned to you and is then removed by the criminals: alternatively if you get your card back a device has recorded the details of your magnetic stripe. Finance And Administrative Sciences . Types of Errors ATMs have been the most widely spread application of electronic banking.164 European Journal of Economics. Reputational Risks This is considerably heightened for banks using the Internet. There have also been cases of phantom withdrawals and the card-holder denying being responsible for those cash withdrawals. • The customer’s account is debited twice but the cash is only dispensed once by the ATM.

The bank’s internet systems may be exposed to internal or external attacks if controls are inadequate. the management must make sure that maintenance is preformed to ensure that the controls will be effective in the event of a fraud or misuse. • Reviewing the existing ATM centre environment • Identifying the critical information processing of ATM applications • Estimating the value of the ATM assets used by these application that must be protected • Quantifying the estimated loss associated with the occurrence of a fraudulent misuse of cards of unauthorised withdrawals etc. malware. It is essential including natural disasters or otherwise. what methods are going to be used to overcome these risks/threats. key logging. One Time Password token) • Who you are (eg. implement or modified in ways that minimize the relevant risks and the exposure associated with them. Even though the existing ATM controls may appear to be in operation. if a fraud or a misuse should occur. This is the highest risk category that requires the strongest controls since online transactions are often irrevocable once executed. The management may recommend that some of these controls be changed. and by whom. the controls are preformed. spyware. The management normally identifies the controls that are in operation that are to reduce the possible impact of these risks/threats. Personnel Identification Number) • What you have (eg. . and. Two factor authentications for system login and transaction authorisation can be based on any two of the following factors: • What you know (eg.165 European Journal of Economics. middleman attacks and other internet-based scams and malevolent exploits targeted at banks and their customers. Controls of all kinds which are applicable to the Automated Teller Machine must be identified. The EDP Audit Control and Security Newsletter (March 1991) indicated that risk analysis involves 4 steps. Finance And Administrative Sciences . • To provide reasonable assurance that the controls are functioning properly • To document when. Reviewing the Existing Operation of the ATM Installation that management identify all the various hazards to which ATM centre is exposed. banks should implement two-factor authentication at login for all types of internet banking systems and for authorising transactions. John Page and Paul Hooper (1987) indicated that compliance testing is used to determine the following: • To determine whether the necessary controls are in place. At times. This evaluation helps the financial institution to decide whether it is necessary to have controls to overcome losses which may arise from various risks associated with the ATMs. it is not even clear or detectable as to when and how attacks are launched from multiple locations in different countries In view of the proliferation and diversity of cyber attacks. how. The principal objectives of two-factor authentication are to protect the confidentiality of customer account data and transaction details as well as enhance confidence in internet banking by combating phishing.Issue 21(2010) Management Risk Analysis Management risk analysis identifies the nature of risk involved in detail. A heightened element of risk is that attacks against internet systems do not require physical presence at the site being attacked. how much loss is expected and how Bank is going to recover. Biometrics) comprises methods for uniquely recognizing humans based upon one or more intrinsic physical traits Risk analysis provides the financial institution with variable information as to how much investment it should make to enhance the security and controls of its ATM installation. A plan is normally formulated as to how these ATM risks are going to be identified.

Estimating the ATM Loss Estimating losses can be difficult. . b) Time logged on/Settlement time. g) Overall review of ATM management resources etc. Normally the loss is only a very small percentage when compared to the overall volume and amount transacted within the bank.g. e) Total amount withdrawn of transferred etc.Issue 21(2010) ATM Risk Management ATM risk management is a ongoing process of identifying. Dr Catherine P Smith (1987) indicated “that normally the loss could be due to human error. c) Number of Cardholders. misuse or unauthorised use of the ATM card etc.166 European Journal of Economics.g. monitoring and managing potential risk exposure considering as ATMs relates to payment systems.” Most financial institutions treat ATM losses unless it is major as a small loss unless it is a major fraud. The following should be considered:• General Supervision • Transaction Processing • System administration Identifying the Various Areas The management can identify the major area of risks by doing an analysis or statistical sampling of the information given below. Care should also be taken in determining the value of the installed software. e. It is important to determine a reasonable estimate of the overall value of the ATM installation. What should be done is to find a way to reduce risks and threats to an acceptable level and to provide a method of recovery of ATM losses. They should be able to form an opinion from this information below:a) Total number of ATM’s and their usage. Arens and James K Loebbecke ( 1988) indicated “that it is not possible to establish my dollar. technical error or deliberate action such as fraud. Finance And Administrative Sciences . Firstly to reduce the losses at the ATM and Normally secondly to find a way to fund or recover these losses. d) Number of Transactions. Only after management have identified these areas can the controls be increased. Alvin A. customer’s financial data are subjected to fraudulent interception at many points. audit techniques can be used to evaluate the consequences of fraud or misuse at the ATM prior to recommending improved controls. e. changed or modified. There are several exposures to losses inherent in an ATM installation. and may more areas. Upon management identifying the risks. Withdrawals and transfers etc. f) Number of ATM reports generated etc. exposure occurs when a customer transfers funds over communication links. ATM Security Measuressecurity measures are divided into 2 groups.value guidelines as it depends on a number of factors which the management analyses and forms a decision”.

Yestingsmer (1986) indicated that “software audit techniques include a review of program listing. use to test input/output data with expected results and auditing of the ATM system processing program using error detectors built into the system.M Richards and J. General ATM Operation and Organisation Controls The operation and organisational controls are designed to ensure that functions are segregated among individuals. such as General Application controls. 1. The ATM audit log is useful as it identifies and diagnoses security violation. e. Miklos A Vasarhelyi and Thomas W Lin (1988) indicated that “there should be segregation” in order to limit an individual to only one interface with the system. This technique is to make intercepted data useless to the interceptor by making it too difficult or too expensive to decipher. The advantage is that it helps to analyse the way in which the ATM program operates. Integrity and Availability (CIA).g To separate:• application testing from systems design and programming and • System software programming from application programming.Issue 21(2010) Measures to Reduce Losses ATM Audit Log a). These ATM utility programs provide the opportunity for management to examine that the ATM programs are being properly executed and are not being overridden or by-passed. . • Uncollected cards not only take up valuable space for storage but also pose a security risk to the bank through fraudulent use of these cards by bank staff. Risks/Threats • Mailed cards being intercepted before reaching the authorised address. firstly the magnetic card and secondly the PINs. hence it is important to separate the system development individuals. Software Auditing R. It traces figures contained in a report back to the point of processing and from processing to the source of the input. By using the audit software. applications controls and Platform controls. Finance And Administrative Sciences . Tracing is software used by the auditor to identify which instructions were used in a program and in what order”. Encryption Encryption is an effective technique for protecting the ATM system. business process controls. The the The ATM audit log provides information that is recorded after the incident. b). This means there is little risk if disclosure. Software auditing provides system integrity to management and also provides an opportunity for management to identify security and control weakness. Making of the PINs is not to be carried out by people who are processing the cards. This I requirement should be addressed with controls implemented at different levels of the ATM implementation.167 European Journal of Economics. There are several good security packages that can monitor an ATM software execution to detect possible tampering with the programs. c). There are two main important elements in an ATM system. Most ATM systems rely heavily on programmed controls within the ATM system software. Control sn general the process should ensure Confidentiality. frauds and misuses can be detected in a timely manner.

3 PINs longer than four digits are security hazards. 2. the embossing department should be kept locked. Mailing of the PI N is carried out subsequent to card mailing. Application Close supervision is necessary within the embossing department. Later the customer has the choice of selecting his own PIN number at the ATM. Appropriate control should be included during reconciliation. . For security reasons all systems documentation concerning PIN generation/encryption and decryption keys must be under tight control at all times. 4 Issuing replacement PIN numbers to customers. extreme care must be taken when requests for new PINs are made. It is important for security reasons that the request for a new PIN should be in writing. PINs can be assigned by the institution or can be customer selected. This can be achieved by proper segregation of duties. A temporary PIN is issued which can be used at the ATM immediately. Furthermore the envelopes should be issued based on a predetermined control number. Security and Control of PIN (Personal Identification Number) A PIN is a “personal identification number” . Finance And Administrative Sciences .168 European Journal of Economics. Furthermore.Issue 21(2010) • Retained cards – these ATM cards pose an even greater risk. the method of selecting PIN or encryption keys may become known and duplicated PINs and mailers be prepared. • Stolen cards not being reported immediately • Stocks of blank cards could lead to unauthorised cards being issued leading to fraud. Adequate control should be carried out when PIN is produced for mailing. verification of withdrawals and date/time of transactions was completed. the true owner of the card stands to lose a substantial sum of money. Application Controls and security purpose the PIN which is in encrypted form is stored in a database file for For controls security purposes. The PIN is forwarded to the customer in a separate mailer on a different day. as holders may be tempted to write down their number to remember them. 2 The PIN mailers are intercepted during mailing. If control and security is not tight. The PIN is only activated upon the use of the card by the customer at the ATM. PINs which are generated for the customer can be derived from the customer’s account number and a logarithm used. This is a number consisting of four numerical characters which is essentially a cardholder’s password. • Inadequate supervision of embossing of the card. If the person making the request has stolen the card or is not authorised to use it. These PINs are normally stored in an encrypted form at the ATM. Business Process Controls In general no one person should handle all the transactions. During hours of non-production. There should be two staff in charge of the process in order to have dual accountability for stock. if they fall into the wrong hands and are misused. where control on card issuance should be rigorous after embossing. Personnel having access to cards must be denied access to PINs whenever cards are prepared and processed. Risks/Threats There are a number of risks involved in the management of PIN numbers:1 There is the integrity of the PIN itself. The PIN mailers are prepared separately.

Clients are often relationship oriented and enjoy person-to-person transactions. This covers all transfers of funds which are lost as a result of a fraudulent input into system. Encryption protocols etc Measure to Use if Fraud does occur at the ATMs Unfortunately. Platform Controls Controls to consider should include:I. This must be considered and adequately planned for. The PIN must be scrambled or encrypted if printed or displayed on terminal screens. For control and security reasons the PIN mailers should not have direct reference or correlation to the customer’s account number or identification of the financial institution. when switching from highly personalized services to automated transactions. • Printed receipts should be dispensed by the ATM for every ATM transaction. . It is important for financial institutions to have a straight loss control program in order to fully protect its ATM customers itself. ATMs require a high degree of additional control beyond those traditionally employed by financial service providers. • Realistic maximum transaction and maximum daily total limits should be implemented for ATM withdrawals. technology will never solve the problems of an inefficient and poorly managed institution. Finance And Administrative Sciences . institutions must be prepared to educate clients on the benefits and train them in the use of the new technology. Normally insurance companies provide banks with a Bankers Insurance Coverage. technology may just automate problems and highlight inefficiencies. losses and security breaches do occur. These transactions build trust and familiarity while automating processes can depersonalize services and alienate clients.169 European Journal of Economics. which includes losses that “the cover needed will vary depending upon the risk”. It is important to have a recovery procedure which will identify if losses occur through the ATMs. It is recommended that the customer’s PIN should not be displayed on the PIN mailer.Issue 21(2010) For control purposes confirmation of numbers of PINs generated must be carried out against the total application approved. Other Controls are as follows:• Access controls and authorisation to any addition. Communication protocols ii. Communication Controls i. Institutions need to make sure they are able to track funds that have been deposited into the ATMs but not yet accounted for in central accounts as fraud or errors may be involved with the deposit. Algorithm III. • Any changes to cardholder details should be authorised by the officer at the next level. In addition to the Bankers Insurance cover there is also computer crime insurance cover. 3. When initiating new technologies such as offering financial services through ATMs. On its own. • Every ATM transaction should be acknowledged by e-mail or a short message script sent to the mobile phone to confirm or alert the user that a transaction was performed. Failing to do so can reduce adoption rates and/or lead to a rejection of the technology by the targeted clients. Encryption II. deletion or changes to ATM transaction details should be implemented. At such an institution.

meaning offering service through several distribution channels (ATM. this creating relationships with banks. it is important to note that they vary significantly. physical branches) and have more functions available online. With all these benefits banks can obtain success on the financial market. . But e-banking is a difficult business and banks face a lot of challenges. Source:ISACA -Information Systems Audit and Control Association (2007) Conclusion Praveen Dalal (2006) indicated that although comprehensive computer insurance cover is available to Banks for losses relating to ATMs. This means that banks can offer a wider range and newer services online to even more customers than possible before. Other benefits are expanded product offerings and extended geographic reach. Finance And Administrative Sciences . Internet.Issue 21(2010) Some suggested Audit EFT Procedures • Physical Controls • Process Controls • Transmission and System failures • System logon controls • Messaging controls • Transfer Controls • PIN controls • Card Controls • Back –end application • Front end application • Transaction Journal/ Audit Trail • Visible Terminals. from anywhere. By utilizing careful ATM analysis and the best prevention and reduction methods acceptable levels of ATM risks can be maintained. and they get involved more. One of the benefits that banks experience when using e-banking is increased customer satisfaction. With e-banking banks can reduce their overall costs in two ways: cost of processing transactions is minimized and the numbers of branches that are required to service an equivalent number of customers are reduced. The benefit which is driving most of the banks toward e-banking is the reduction of overall costs. This due to that customers may access their accounts whenever.170 European Journal of Economics. Banks should provide their customers with convenience.

Bank Info Security . 28] www. Addison Wesley. The Sydney Morning Herald . 27] Campion. "Electronic Commerce: A Manager’s Guide" 2nd Edition.0/mode.cgap. Vol XVIII No 21(2010) References and sources 1] ISACA// www. 25] John and Paul H (1987) Accounting and information Computer Auditing Insurance. 3 editions Prentice Hall.detail/ 8] 15] Marcia Crosland. ATM Networks. 22] James essinger (1987). Compliance testing in a computer environment. N. A key to security in Electronic Funds Transfer System Elsevier Science publishers. Whinston. and Africa. 20] Praveen Dalal (2006) Preventive measures for ATM Frauds.denverpost. ‘ATM Fraud: Growing Threats to Financial Institutions‘ .com/threatlevel/2009/04/pins/ 9] 2] http://www. Their organisation security and finance. NCR Corp. Robert Parker. “Automating Microfinance: Experience from Latin America. 23] Alvin AA and James K Loebbecke (1988) .eu 10] McGlasson L. Pitman Books Ltd. published by Elservier Int Bulletin Chp 6 Future developments. 5] http://www. Chp16. Asia. ‘Bondi banks scam: ATM alert‘. 14] Kalakota. 12] Robinson G.(2010). and A. Banking systems and technology.bankinfosecurity. Anita & Sarah Halpern. Finance And Administrative Sciences . Computer crime research centre Preventive measure for ATM frauds.atmmarketplace.mydigitallife.Ind. B. 2001. (2002).com 11] ATM crime (2009): Overview of the European situation and golden rules on how to avoid it. 7] http://www. Consumer behaviour drives innovation inn ATM technology.” MicroFinance Network. October 2008. C. 16] ISACA (2001) .wired.1/navstart.atmsecurity. Edition. http://www. 26] Andrew D Chambers (1981).europa. 18] Mike Fenton (2008) by Admin. London. Information Systems Audit and Control Association. 21] Diebold Inco.html .isaca. Auditing an integrated approach 4 th edition Chp8 pg 231-269 prentice hall Int. http:/www.html 3] http://www." Kogan Page.CG AP IT Innovations Series 29] www.theregister. Taking ATM fraud prevention to the next 4] http://www. 24] The EDP Audit. "Living the 6] http://www.Acss Control software: What it will and will not do." Sage. "The Ethics of Cyberspace.5/search. ATM Fraud Security white paper.0/id. Control and Security Newsletter (1991) EDPACS. R.computerworld. The Blog. Chp5.. London. Electronic Banking (e Banking) Consumer protection Policy. 19] Roy Martin R and Jan Y (1986) Computer and Security Risk Management.171 European Journal of Economics.mfnetwork. 17] RCBC (2007) Rizal Commercial Banking Corporation. 13] Hamelink. Is Auditing Procedure (Electronic Fund Transfer( EFT).

Sign up to vote on this title
UsefulNot useful