18.3 PROTECTING ATM TRANSACTIONS

In the 1960s, the banking industry considered offering certain electronic banking services to be performed at unattended banking terminals now referred to a automated teller machines (ATM). The advantages of ATMs to the industry were significant:

  • Customers would be able to perform certain banking transactions – deposits, withdrawals, account queries, account-to-account transfers – at any hour of the day.
  • The bank would save on the considerable cost of processing checks; ATM terminals do not require medical benefits, they can be discharged at will.
  • Electronic transactions would not require human supervision or intervention, permitting labor savings.

Two conflicting forces have influenced the design of electronic banking systems:

  • Profitability – the desire by the bank to improve their bottom line;2
  • Security – the fear that individuals might learn how to penetrate the system, for example, to empty the ATM of cash in a largely invisible manner.

The considerable experience of banks with credit card transactions pointed to certain risks, including the use of counterfeit, lost, or stolen banking cards.3

It was decided that a valid transaction would therefore require a customer to offer two bona fides in establishing a customer's identity:

  • The banking card recording the user primary account number (PAN) on the card's third stripe;
  • A separate identifying element.

Possession of an ATM card alone would not permit a customer to enter into a transaction. ...

Get Computer Security and Cryptography now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.