CONTENTS

SL.

NO. DESCRIPTION PAGE NO.

1. Introduction 1

2. What is ATM? 2

3. Types of ATM cards 5

4. ATM fraud 8

5. Securing 10

6. RFID 13

7. ATM using RFID & GSM 14

8. Counter measures 22

9. Conclusion 24

10. References 25
 1

1 INTRODUCTION

Since their invention in the early 1970s, Automated Teller Machines (ATM) have been
subject to multiple types of attacks. In their early years those attacks were typically
targeted at the cash inside the machine. In later years, this was supplemented by attacks on
the private data of the ATM users, namely the card data and the user’s personal
identification number (PIN). Recent years have seen a substantial increase both in number
and sophistication of ATM attacks. This can be seen both in the official statistics of the
relevant police forces [3], but even more in the statistics that are internally available to
banks and ATM manufacturers. Due to the importance of ATMs in the overall cash flow
and the global cash supply, fighting this kind of crime has become a major interest for both
the banking industry and the police.
Yet, similar to the recent developments in the anti-virus industry it has become
harder and harder to prevent all types of attacks by security technology. Most of today’s
security solutions are highly specialized countermeasures against certain attacks and
represent answers to ever-changing attack techniques that have been found in the field over
the years. However, the industry is currently facing a new level of sophistication on the
attacks that makes it harder and harder to find technical solutions that can actually prevent
attacks without sacrificing the serviceability of the ATMs. In recent years, the attackers
have moved from small solitary groups to multinational organized crime organizations
with considerable development and reverse engineering capabilities that are able to attack
large numbers of ATMs in a short time. Therefore, attack detection and mitigation
technologies are moving more and more into focus: If it is not possible to prevent an attack,
the ATM should at least be able to detect that something strange is going on and act
accordingly by shutting itself down or providing an alarm signal.
 2

2. What Is an Automated Teller Machine (ATM)?

An automated teller machine (ATM) is an electronic banking outlet that allows customers
to complete basic transactions without the aid of a branch representative or teller. Anyone
with a credit card or debit card can access most ATMs.

The first ATM appeared in London in 1967, and in less than 50 years, ATMs spread around
the globe, securing a presence in every major country and even tiny little island nations
such as Kiribati and the Federated States of Micronesia.

ATMs are convenient, allowing consumers to perform quick, self-serve transactions from
everyday banking like deposits and withdrawals to more complex transactions like bill
payments and transfers.

Understanding Automated Teller Machines (ATMs)

Since the first ATM appeared in 1967, the popularity of these machines has steadily been
on the rise. There are more than 3.5 million ATMs in use across the world. They are also
known in different parts of the world as automated bank machines (ABM) or bank
machines.

There are two primary types of ATMs. Basic units only allow customers to withdraw cash
and receive updated account balances. The more complex machines accept deposits,
facilitate line-of-credit payments, transfers, and report account information. To access the
advanced features of the complex units, a user must be an account holder at the bank that
operates the machine.

Analysts anticipate ATMs will become even more popular and forecast an increase in the
number of ATM withdrawals. ATMs of the future are likely to be full-service terminals
instead of or in addition to traditional bank tellers.

[Important: The average amount withdrawn from an ATM is $60.]

Parts of an ATM
Although the design of each ATM may be different, they all contain the same basic parts:

 Card Reader: This part reads the chip on the front or the magnetic stripe on the back
of the card.
 Keypad: The keypad allows the consumer to input information like the PIN, the
type of transaction he or she intends to do, and the amount of the transaction.
 Cash dispenser: Bills are dispensed through a slot in the machine, which is
connected to a safe at the bottom of the machine.
 3

 Printer: If required, consumers can request receipts which are printed here. The
receipt records the type of transaction, the amount, and the account balance.
 Screen: The ATM issues prompts that guide the consumer through the process of
executing the transaction. Information is also transmitted on the screen such as
account information and balances.
4
 5

3.TYPES OF ATM CARDS

ATM CARD
An ATM card (known under a number of names) is any card that can be used in automated
teller machines (ATMs) for transactions such as deposits, cash withdrawals, obtaining
account information, and other types of transactions, often through interbank networks.
Cards may be issued

CREDIT CARD
A credit card is linked to a line of credit (usually called a credit limit) created by the issuer
of the credit card for the cardholder on which the cardholder can draw (i.e. borrow), either
for payment to a merchant for a purchase or as a cash advance to the cardholder. Most
credit cards are issued by or through local banks or credit unions, but some non-bank
financial institutions also offer cards directly to the public.

The cardholder can choose either to repay the full outstanding balance by the payment due
date or to repay a smaller amount, not less than the "minimum amount", by that date. In the
former case, interest is typically not charged; while in the latter case, the cardholder will be
charged with interest. The rate of interest and method of calculating the charge vary
between credit cards, even for different types of card issued by the same company. Many
credit cards can also be used to take cash advances through ATMs, which also attract
interest charges, usually calculated from the date of cash withdrawal. Some merchants
charge a fee for purchases by credit card, as they will be charged a fee by the card issuer.

DEBIT CARD
Purchasing by debit card

With a debit card (also known as a bank card, check card or some other description) when
a cardholder makes a purchase, funds are withdrawn directly either from the
cardholder's bank account, or from the remaining balance on the card, instead of the holder
 6

repaying the money at a later date. In some cases, the "cards" are designed exclusively for
use on the Internet, and so there is no physical card.[9][10]

The use of debit cards has become widespread in many countries and has overtaken use of
cheques, and in some instances cash transactions, by volume. Like credit cards, debit cards
are used widely for telephone and internet purchases.

Debit cards can also allow instant withdrawal of cash, acting as the ATM card, and as
a cheque guarantee card. Merchants can also offer "cashback"/"cashout" facilities to
customers, where a customer can withdraw cash along with their purchase. Merchants
usually do not charge a fee for purchases by debit card.

CHARGE CARD
With charge cards, the cardholder is required to pay the full balance shown on the
statement, which is usually issued monthly, by the payment due date. It is a form of
short-term loan to cover the cardholder's purchases, from the date of the purchase and the
payment due date, which may typically be up to 55 days. Interest is usually not charged on
charge cards and there is usually no limit on the total amount that may be charged. ] If
payment is not made in full, this may result in a late payment fee, the possible restriction of
future transactions, and perhaps the cancellation of the card.

solely to access ATMs, and most debit or credit cards may also be used at ATMs, but
charge and proprietary cards cannot.

The use of a credit card to withdraw cash at an ATM is treated differently to an POS
transaction, usually attracting interest charges from the date of the cash withdrawal. The
use of a debit card usually does not attract interest. Third party ATM owners may charge a
fee for the use of their ATM.

STORED-VALUE CARD
With a stored-value card, a monetary value is stored on the card, and not in an externally
recorded account. This differs from prepaid cards where money is on deposit with
the issuer similar to a debit card. One major difference between stored value cards and
 7

prepaid debit cards is that prepaid debit cards are usually issued in the name of individual
account holders, while stored-value cards are usually anonymous.

The term stored-value card means that the funds and or data are physically stored on the
card. With prepaid cards the data is maintained on computers controlled by the card issuer.
The value stored on the card can be accessed using a magnetic stripe embedded in the card,
on which the card number is encoded; using radio-frequency identification (RFID); or by
entering a code number, printed on the card, into a telephone or other numeric keypad.

FLEET CARD
A fleet card is used as a payment card, most commonly for gasoline, diesel and other fuels
at gas stations. Fleet cards can also be used to pay for vehicle maintenance and expenses, at
the discretion of the fleet owner or manager. The use of a fleet card reduces the need to
carry cash, thus increasing the security for fleet drivers. The elimination of cash also helps
to prevent fraudulent transactions at the fleet owner's or manager's expense.

Fleet cards provide convenient and comprehensive reporting, enabling fleet

owners/managers to receive real time reports and set purchase controls with their cards,
helping to keep them informed of all business related expenses. They may also reduce
administrative work or otherwise be essential in arranging fuel taxation refunds.

OTHER
Other types of payment cards include:

 Gift card
 Digital currency
 Store card
 8

4.ATM FRAUD

SKIMMING
Skimming attacks target the data that is stored on the card of the ATM user
to later use it to withdraw money. Usually, the main object of interest is still the magnetic
stripe data that typically holds the user’s banking account data and some other additional
information.7 A typical card skimmer consists of a very small magnetic read head and
some devices to either store or transmit the captured data. They are positioned in front or
inside the front area of the card reader of the ATM. Most recently, there have also been
findings of chip-based skimming devices that are placed between the smart card reader and
the card.
CARD TRAPPING
The objective of card trapping attacks is to capture the card instead of
just the data. Typical attacks use small loops or other devices to jam the card in the card
reader. When the user leaves the ATM to inform the bank manager about the jammed card,
the attacker quickly uses a corresponding device to retrieve the jammed card. PIN
Capturing To successfully withdraw money from a bank account, the attacker not only
needs the card data, but also the PIN of the users. Therefore, each skimmer is usually
accompanied by a second device to capture PIN entries. This is very often done by a
miniature camera behind a hidden panel or by PIN pad overlays. A PIN pad overlay
mimics the surface of the original PIN pad and which is put on top of the original PIN pad.
It registers the pressed keys and stores the information in a recording device. Cash
Trapping Cash trappers are devices that are put in front or inside the cash output
slot of the ATM. They trap or capture the dispensed money and make it inaccessible to the
user. When the user then leaves the ATM, the attacker quickly captures the money from the
manipulated ATM.
Forced Opening A wide range of ATM attacks just try to forcibly open the safe that holds
the money. The most typical attack in this area is to fill the dispenser with some gas that is
then brought to explosion. Other attacks use the cash retract function—which retracts the
 9

money into the ATM if it is not taken—to place a flat sheet of plastic explosives inside the
safe.
MALWARE In recent years the amount of software-based attacks has risen considerably.
The typical target of this attack is to gain software access to the cash dispenser to issue cash
dispense commands and to empty the ATM. However, there are numerous other attack
scenarios that have been encountered in the field, e.g. capturing user data, modifying the
ATM-to-host communication or simply to bring the ATM out of service. To protect the
ATM against such attacks, the ATM manufacturers have come up with numerous solutions
and products to, most preferably, make the attack impossible or to atleast detect the attack.
 10

5.SECURING

SECURING THE SAFE Recent technology trends are safes that even survive a gas
explosion by discharging the internal pressure in a controlled way. The safe locks have
become more secure as well, e. g., with code locks, time-based locks, etc. In addition, many
ATMs now have gas sensors that raise an alarm, when the concentration of explosive gas in
the safe has reached a threshold.
SECURING THE PIN PAD The PIN transport is always encrypted. In most countries,
each PIN is encrypted by a uniquely derived key and can only be decrypted at the banking
host. Therefore, it is impossible to capture the PIN with a software-based attack. In
addition, the PIN pad itself is a high security device that destroys its keys, if it is opened or
removed from the system. Protecting the PIN pad from PIN capturing attacks, however, is
a different matter. There currently exists only one technical solution to detect PIN pad
overlays and no solution at all to protect ATMs against PIN capturing via camera.
SECURING THE CARD READER Nowadays the security of the card reader relies
on the secure communication between the smart card chip and the host. However, there
still exist several countries, where card security is still based on the magnetic stripe or uses
it as the fallback solution. To secure the card reader against skimming attacks, there exist a
plethora of solutions:improved mouth pieces to impede easy skimming, intelligent mouth
pieces that generate an alarm when removed, electromagnetic skimming detectors (based
on metal detection), optical skimming detectors (based on cameras), or electromagnetic
field generators to prevent skimming at the ATM.
SECURING THE CASH DISPENSER There exist several approaches and solutions
against cash trapping attacks, ranging from cash dispense slot design changes to optical or
camera based solutions. In addition, the communication to the cash dispenser is encrypted
in most countries. However, only very few banks have an end-to-end encryption in place to
ease servicing. Recent years have seen a constant increase in software attacks on the cash
 11

dispenser ranging from direct attacks against cash dispenser firmware to attacks on all
software layers of the ATM.
SECURING THE SOFTWARE ATM software security solutions typically try to
prevent access to important system resources and to prevent malware from attacking the
system. Today’s software security suites typically contain three
sub-components:Operating system
12
 13

6.RFID
RFID is an acronym for “radio-frequency identification” and refers to a technology
whereby digital data encoded in RFID tags or smart labels (defined below) are captured by
a reader via radio waves. RFID is similar to barcoding in that data from a tag or label are
captured by a device that stores the data in a database. RFID, however, has several
advantages over systems that use barcode asset tracking software. The most notable is that
RFID tag data can be read outside the line-of-sight, whereas barcodes must be aligned with
an optical scanner. If you are considering implementing an RFID solution, take the next
step and contact the RFID experts at AB&R® (American Barcode and RFID).

 RFID (radio frequency identification) is a technique facilitating identification of

any product or item without the requirement of any line of sight amid transponder
and reader.

 RFID Structure is continuously composed of 2 main hardware components. The

transponder which is located on the product to be scanned and the reader which can
be either just a reader or a read & write device, depending upon the system design,
technology employed and the requirement. The RFID reader characteristically
comprise of a radio frequency module, a controlling unit for configurations, a
monitor and an antenna ti investigate the RFID tags. In addition, a number of RFID
readers are in-built with an extra interface allowing them to forward the data received
to another system (control system or PC).

 RFID Tag – The actual data carrying tool of an RFID structure, in general comprise
of an antenna (coupling element) and an electronic micro-chip.
 14

7.ATM USING RFID & GSM

The main objective is to design a MODEL ATM machine using RFID and GSM
technologies. Here we design a model of how really ATM machine works, with
some limited features. Also in this model we use wireless smart card (RFID).

This project uses a microcontroller from 8051 family. The primary objective of this
project is to detect SMART CARD and we can withdraw amount from it. To
demonstrate this project, we assign a default amount (10,000) to a specific smart
card, when we check that card with RFID READER we can withdraw and check
available balance in the card.

The program thereafter takes over to send an SMS through GSM modem
interfaced through TX, RX pin to the microcontroller. An LCD is also interfaced with
the MC to display required information. Thus, the proposed model is designed to
demonstrate a working model of bank ATM machine. In future we can interface
with cash machine to withdraw specific amount.
15
16
 17

1.Power supply ( 12v step down transformer, rectifier, 7805 voltage regulator,
capacitor, resistor, LED)
2. 89s52 microcontroller
3. 16×2 lcd
4. SIM900 GSM module
5. RFID READER (EM 18) & TAG
6. 4×3 matrix keypad
7. Switches and Buzzer

CIRCUIT WORKING:
1. AT89S52 is an 8-bit MCU with 8k flash, 256 bytes of RAM, 40 pins with 32 I/O
pins. It controls all the interfaced components according to the program written. Its
receives the ATM card data from reader, check with its memory, display with LCD,
and send SMS through GSM module. We can also check balance as well as
withdraw amount using 2 switches interfaced with microcontroller. If unauthorized
card shown, then buzzer will be activated.

2. 16×2 LCD (Liquid Crystal Display) screen is an electronic display module and
finds a wide range of applications. These modules are preferred over seven
segments and other multi segment LEDs. The reasons being;

3. LCDs are economical; easily programmable; have no limitation of displaying

special & even custom characters (unlike in seven segments), animations and so on.
A 16×2 LCD means it can display 16 characters per line and there are 2 such
lines. In this LCD each character is displayed in 5×7 pixel matrix. This LCD has
two registers, namely, Command and Data. It was used to display card
authentication, Balance Check and Withdraw Option
18
 19

4×3 MATRIX KEYPAD:KEYPADS are a part of HMI or Human Machine Interface

and play really important role in a small embedded system where human interaction or
human input is needed. We make the coloums as i/p and we drive the rows making them
o/p, this whole procedure of reading the keyboard is called scanning.

To detect which key is pressed from the matrix, we make row lines low one by one and
read the columns. Let’s say we first make Row1 low, then read the columns. If any of the
key in row1 is pressed will make the corresponding column as low i.e. if second key is
pressed in Row1, then column2 will give low. So, we come to know that key 2 of Row1 is
pressed. This is how scanning is done.

Keypad was used to Enter amount to be Withdrawn. We are programmed it like this to
entered amount must be in 4 digits. If you want to withdraw 400 you have to enter 0400. ‘#’
key used for Enter option.

SIM900 GSM MODULE: GSM module is used in many communication devices which
are based on GSM (Global System for Mobile Communications) technology. GSM module
only understands AT commands, and can respond accordingly. The most basic command
is “AT”, if GSM respond OK then it is working well otherwise it respond with “ERROR”.
There are various AT commands like ATA for answer a call, ATD to dial a call,
AT+CMGR to read the message, AT+CMGS to send the sms etc. AT commands should be
followed by Carriage return i.e. \r (0D in hex), like “AT+CMGS\r”. We can use GSM
module using these commands. We use microcontroller’s serial port to communicate with
GSM, means using PIN 10 (RXD) and 11 (TXD).

GSM MODULE was used to send transaction alert to the user about the amount withdrawn
from its account.

RFID READER: An RFID (Radio-frequency identification and detection) reader is a

device which is used to communicate with RFID tags by receiving and transmitting
 20

signals. These signals use radio waves for wireless communication. The identification is
done through a unique serial number.

EM18 RFID reader used for scanning RFID based ATM card. It detects the card and sends
the card information to Microcontroller.

POWER SUPPLY: All the components are DC components, so we must convert AC

supply to DC with 12v stepdown transformer & a full-wave bridge rectifier. We have the
requirement of 5V for LCD, Microcontroller, RFID, BUZZER & 12v for GSM MODULE.
To generate different voltage, we use Voltage regulator 7805 & 7812.

SIM900 GSM MODULE:GSM module have 3 pins named Tx, Rx and GND available
on the module. We connect Tx pin of GSM to Rx pin(P3^0) of MC and Rx pin of GSM
with Tx pin(P3^1) of MC. We also must put a SIM inside the microcontroller with balance
or SMS pack. Check the network LED on module and if network available then modem is
now ready.
21
 22

8.COUNTER MEASURES
The banking industry must consider a global view of ATM fraud by tracking the crimes
related to ATMs in every part of the world and proactively develop solutions to minimize
their materialization and the related losses.

Deployment of biometric capabilities in ATMs authentication system with biometrics,

fraudulent incidents can be minimized as an added layer of authentication is introduced
that ensure that even with the correct pin information and possession of another person’s
ATM card, the user’s biometric features cannot easily be fake.

 Migrate to EMV chip based card readers as magnetic strip is vulnerable to

skimming.

 Active E-alerts so as to notify the account owner of movement on his or her

account, especially debits.

 Consider where viable, ink stain technologies that will ruin and make
unusable any removed bank notes.

ADDRESS HUMAN RESOURCE ISSUE

 Train the staff handling card request and issuances.

 Establish clear job description and accountabilities for the staff handling
card/pin requests & issuances.

 Review remuneration of front office staff.

RETHINK WHAT CONSTITUES PHYSICAL SEQURITY

 Engage the firms providing physical security to interest them into

broadening their understanding of security requirements that are adaptive to
human behavior.

 Use of effective surveillance system ;CCTVs sensors that detect physical

attack, especially in remote locations
 23

STOCK MANAGEMENT

 Institute effective oversight over card operations origination, production, storage &
issuance.

 Consider stock management and tracking system.

 Get to know the appearance of your ATM room.

 Familiarize yourself with the look and feel of your ATM fascia particularly pay
attention to all of the touch and action points.(eg :keypad, card entry slot, lighting
diffusers)

 Inspect the front of the ATM for unusual or nonstandard appearance .scratches
,marks, adhesive or tape residues could be indicators of tampering.

 Report any unusual appearance immediately to nearest branch .

 24

9.CONCLUSION
. CONCLUSION At present there are various techniques which are being
successfully used for security of ATM Machine. An example is using CCTV
camera for successfully recording the video footage of all the transactions activity in
the ATM but such simple security methods weren’t enough to provide much
security. Thus GSM technology intervened. The information related to the attack or
the threat occurring in the ATM is initially sensed and simultaneously the
information is encoded and sent off to the receiver using radio frequency signals.
These radio frequency signals have wide range of transmission and thus can be
placed at any distance. Door is closed and thus the thief can’t escape. Toxic gas
generation unit is activated at the same time, the thief becomes unconscious thus the
internal activities that again occur in the ATM is prohibited. Power saving mode
saves a lot of power. Alarm generation unit alerts the surrounding people about the
irregular activity within the ATM. GSM provide a pathway for the delivery of the
messages to 2 different people in case of holidays. The bistable can finally be only
reset by the head of the bank. Thus the security features were enhanced largely for
the stability and reliability of owner recognition. The method of protecting the ATM
machine can be said as a method having no disadvantages. The whole system was
build on the technology of embedded system which makes the system more safe,
reliable and easy to use.
 25

10.REFERENCES

Priesterjahn2015-GeneralizedATMFraudDetection

Gateway_ProjectManagementSoftwareTesting

https://electronicsforu.com/electronics-projects/prototypes/atm-machine-using-
rfid-gsm/2

https://www.irjet.net/archives/V5/i6/IRJET-V5I6171.pdf
26