CONTENTS
Topics Page No.
1. INTRODUCTION 6
2. HISTORY OF AN ATM 8
3. ATM 11
4. NEED OF FACIAL RECOGNITION 19
5. WHERE IT IS USED 21
6. HOW FACIAL RECOGNITION WORKS 25
7. REPUTATION AMONG ATM OWNERS 36
8. CONCLUSION 41
9. BIBLIOGRAPHY 43
1.Introduction
The rise of technology has brought into force many types of equipment that aim at more customer satisfaction. ATM is one such machine which made money transactions easy for customers to bank. The other side of this improvement is the enhancement of the culprit's probability to get his 'unauthentic' share. Traditionally, security is handled by requiring the combination of a physical access card and a PIN or other password in order to access a customer's account. This model invites fraudulent attempts through stolen cards, badly-chosen or automatically assigned PINs, cards with little or no encryption schemes,employees with access to non-encrypted customer account information and other points of failure.Our paper proposes an automatic teller machine security model that would combine a physical access card, a PIN, and electronic facial recognition. By forcing the ATM to match a live image of a customer's face with an image stored in a bank database that is associated with the account number, the damage to be caused by stolen cards and PINs is effectively neutralized. Only when the PIN matches the account and the live image and stored image match would a user be considered fully verified.The main issues faced in developing such a model are keeping the time elapsed in the verification process to a negligible amount, allowing for an appropriate level of variation in a customer's face when compared to the database image, and that credit cards which can be used at ATMs to withdraw funds are generally issued by institutions that do not have in-person contact with the customer, and hence no opportunity to acquire a photo.Because the system would onlyattempt to match two (and later, a few) discrete images, searching through a large database of possible matching candidates would be unnecessary. The process would effectively become an exercise in pattern matching, which would not require a great deal of time. With appropriate lighting and robust learning software, slight variations could be accounted for in most cases. Further, a positive visual match would cause the live image to be stored in the database so that future transactions would have a broader base from which to compare if the original account image fails to provide a match - thereby decreasing false negatives.When a match is made with the PIN but not the images, the bank could limit transactions in a manner agreed upon by the customer when the account was opened, and could store the image of the user for later examination by bank officials. In regards to bank employees gaining access to customer PIN for use in fraudulent transactions, this system would likewise reduce that threat to exposure to the low limit imposed by the bank and agreed to by the customer on visually unverifiable transactions.In the case of credit card use at ATMs, such a verification system would not currently be feasible without creating an overhaul for the entire credit card issuing industry, but it is possible that positive results achieved by this system might motivate such an overhaul.The last consideration is that consumers may be wary of the privacy concerns raised by maintaining images of customers in a bank database, encrypted or otherwise, due to possible hacking attempts or employee misuse. However,one could argue that having the image compromised by a third party would have far less dire consequences than the account information itself. Furthermore, since nearly all ATMs videotape customers engaging in transactions, it is no broad leap to realize that banks already build an archive of their customer images, even if they are not necessarily grouped with account information.
2.History of an ATM
The world's first ATM was produced by NCR in Dundee, Scotland, and installed in EnfieldTown in north London on June 27, 1967 by Barclays Bank. This instance of the invention is credited to John Shepherd-Barron, although George Simjian registered patents in New York, USA in the 1930s and Don Wetzel and two other engineers from Docutel registered a patent on June 4, 1973. Shepherd-Barron was awarded an OBE in the 2005 New Year's Honours.
As is often the case with inventions, many inventors contribute to the history of an invention. In the case of the ATM, Don Wetzel invented the first successful and modern ATM in the USA, however he was not first inventor to create an ATM. In 1939, Luther George Simjian started patenting an earlier and not-so-successful version of an ATM.
Early cards were retained by the machine and worked on various principles including radiation and low-coercivity magnetism that was wiped by the card reader to make fraud more difficult.
Modern ATM banking was tested in NZ’s Christchurch region beforebeing rolled out elsewhere as a banking service.
Don Wetzel:
An automatic teller machine or ATM allows a bank customer to conduct their banking transactions from almost every other ATM machine in the world. Don Wetzel was the co-patentee and chief conceptualist of the automated teller machine, an idea he said he thought of while waiting in line at a Dallas bank. At the time (1968) Wetzel was the Vice President of Product Planning at Docutel, the company that developed automated baggage-handling equipment. The other two inventors listed on the patent were Tom Barnes, the chief mechanical engineer and George Chastain, the electrical engineer. It took five million dollars to develop the ATM. The concept of the modern ATM first began in 1968, a working prototype came about in 1969 and Docutel was issued a patent in 1973. The first working ATM was installed in a New York based Chemical Bank. (Editor’s note: There are different claims to which bank had the first ATM, I have used Don Wetzel's reference.)
“No, it wasn't in a lobby, it was actually in the wall of the bank, out on the street. They put a canopy over it to protect it from the rain and the weather of all sorts. Unfortunately they put the canopy too high and the rain came under it. (Laughing) One time we had water in the machine and we had to do some extensive repairs. It was a walkup on the outside of the bank. That was the first one. And it was a cash dispenser only, not a full ATM... We had a cash dispenser, and then the next version was going to be the total teller (created in 1971), which is the ATM we all know today -- takes deposits, transfers money from checking to savings, savings to checking, cash advances to your credit card, takes payments; things like that. So they didn't want just a cash dispenser alone." - Don Wetzel on the first ATM installed at the Rockville Center, New York Chemical Bank from a NMAHinterview.
The first ATMs were off-line machines, meaning money was not automatically withdrawn from an account. The bank accounts were not (at that time) connected by a computer network to the ATM. Therefore, banks were at first very exclusive about who they gave ATM privileges to. Giving them only to credit card holders (credit cards were used before ATM cards) with good banking records. Wetzel, Barnes and Chastain developed the first real ATM cards, cards with a magnetic strip and a personal ID number to get cash. ATM cards had to be different from credit cards (then without magnetic strips) so account information could be
included.
The ATM is now 30 years old.
3. ATM
ATM Machine
(Automatic Teller Machine) A banking terminal that accepts deposits and dispenses cash. ATMs are activated by inserting a cash or credit card that contains the user's account number and PIN on a magnetic stripe. The ATM calls up the bank's computers to verify the balance, dispenses the cash and then transmits a completed transaction notice. The word "machine" in the term "ATM machine" is certainly redundant, but widely used.
An automated teller machine (ATM) is a data terminal with two input and four output devices. Similar to many other data terminals, the ATM must connect and communicate through a host network. The host network may be compared to an Internet Service Provider in that it is the gateway through which all the various ATM networks become available to the cardholder.
The two input devices in an ATM are:
1. A card reader that captures information stored on the magnetic strip on the back of the ATM debit or credit card.
2. A keypad that allows the card holder to informthe bank of the required transaction (cash withdrawal, transfer of funds, balance inquiry, etc.) and the required amount.
The four output methods in an ATM are:
1. A speaker that provides the cardholder withaudio feedback when a key is pressed.
2. A display screen that prompts the cardholder through each step of the transaction process.
3. A printer thatprovides the cardholder with a receipt.
4. A safe and cash dispensing mechanism.
The cash dispensing mechanism contains an electric eye that counts each bill as it exits and provides a recorded log for transaction accuracy. To ensure that more than one bill is not dispensed, this mechanism also contains a sensor that measures the thickness of each bill. If two bills are stuck together or are excessively worn or torn, they are diverted into a reject bin for later retrieval at the time of machine maintenance.
3.1 Networking
Most ATMs are connected to interbank network enabling people to withdraw and deposit money from machines notbelonging to the bank where they have their account. This is a convenience, especially for people who are travelling: it is possible to make withdrawals in places where one's bank has no branches, and even to withdraw local currency in a foreign country, often at a better exchange rate than would be available by changing cash.
ATMs rely on Authorization of a Transaction by the card issuer or other authorizing institution via the communications network.
3.2 ATM charges
Many banks in the United States charge fees for the use of their ATMs. In some cases, these fees are assessed solely for non-bank members, in other cases they apply to all users. Many oppose these fees because ATMs are actually less costly for banks than withdrawals from human tellers.
When the ATM surcharges emerged in the 1990s, they usually were on the order of $ 0.25. Quickly, however, they climbed. ATM fees now commonly reach $1.50, and can be as high as $5.00,especially around bars and casinos. In cases where fees are paid both to the bank and the ATM owner withdrawal fees could potentially reach $10.
ATMs are placed not only near banks, but also in locations such as malls, grocery stores, and restaurants. Sometimes, ATMs are advertised for their fees. In many states, one can circumvent ATM fees by using debit cards at retail stores.Many stores allow a debit-card user to receive "cash back" with an order; that is, one could make a $63 debit on a $13 order and receive $50 in change.
In the UnitedKingdom, public reaction to proposed increases in fees was so strong that fees were removed altogether for using ATMs at banks, regardless of whether the user is a customer of that bank. Machines in garages, nightclubs and other venues do charge, however.
3.3Hardware and software
ATMs contain secure cryptoprocessors, generally within an IBM PC compatible host computer in a secure enclosure. The security of the machine relies mostly on the integrity of the secure cryptoprocessor: the host software often runs on a commodity operating system.
ATMs typically connect directly to their ATM Transaction Processor via either a dial-up modem over a telephone line or directly via a leased line. The latter is preferable as the time required to establish the connection is much less. Such connections are rather expensive, though, meaning less-trafficked machines will usually rely on a dial-up modem. That dilemma may be solved as more ATMs use dedicated high-speed Internet connections, which are much cheaper than leased lines. Encryption is used to prevent theft of personal or financial information.
In addition, ATMs are moving away from custom circuit boards (most of which are based on Intel 8086 architecture) and into full-fledged with commodity operating systems such as Windows 2000 and Linux . An example of this is Banrisul , the largest bank in the South of Brazil , which has replaced the MS-DOS operating systems in its automatic teller machines with Linux. Other platforms include RMX 86, OS/2 and Windows 98 bundled with Java . The newest ATMs with Microsoft technology use Windows XP d or Windows XP embedded.
3.4 Reliability
ATMs are generally reliable, but if they do go wrong customers will be left without cash until the following morning or whenever they can get to the bank during opening hours. Of course, not all errors are to the detriment of customers; there have been cases of machines giving out money without debiting the account, or giving out higher value notes as a result of incorrect denomination of banknote being loaded in the money cassettes. Errors that can occur may be mechanical (such as card transport mechanisms; keypads; hard disk failures); software (such as operating system; device driver ; application); communications ; or purely down to operator error.
3.5 Security
Early ATM security focused on making the ATMs invulnerable to physical attack; they were effectively safes with dispenser mechanisms. A number of attacks on ATMs resulted, with thieves attempting to steal entire ATMs by ram-raiding.
Modern ATM physical security, like other modern money-handling security,concentrates on denying the use of the money inside the machine to a thief, bymeans of techniques such as dye markers and smoke canisters. This change in emphasis has meant that ATMs are now frequently found free-standing in places like shops, rather than mounted into walls.
Another trend in ATM security leverages the existing security of a retail establishment. In this scenario, the fortified cash dispenser is replaced with nothing more than a paper-tape printer. The customer requests a withdrawal from the machine, which dispenses no money, but merely prints a receipt. The customer then takes this receipt to a nearby sales clerk, who then exchanges it for cash from the till.
ATM transactions are usually encrypted with DES (Data Encryption Standard) but most transactionprocessors will require the use of the more secure Triple DES by 2005.
There are also many “phantom withdrawals "from ATMs, which banks often claim are the result of fraud by customers. Many experts ascribe phantom withdrawals to the criminal activity of dishonest insiders. Ross Anderson, a leading cryptography researcher, has been involved in investigating many cases of phantom withdrawals, and has been responsible for exposing several errors in bank security.
There have also been a number of incidents of fraud where criminals have used fake machines or have attached fake keypads or card readers to existing machines. These have then been used to record customers' PINs and bank account details in order to gain unauthorized access to their accounts.
A bank is always liable when a customer's money is stolen from an ATM, butthere have been complaints that banks have made it difficult to recover money lost in this way. In some cases, bank fraud occurs at ATMs whereby the bank accidentally stocks the ATM with bills in the wrong denomination, therefore giving the customer more money than should be dispensed. Individuals who unknowingly use such ATMs are probably never tried, but those who withdraw a second time are usually prosecuted.
In countries with high levels of violentcrime like theUnited States,multiple securitycameras are a ubiquitous ATM feature.
3.6 ATM fraud
In the early 2000s, ATM-specific crimes became common. These had two common forms. In the low-tech form, the user's PIN is observed by someone watching as they use the machine; they are then mugged for their card by a second person, who has taken care to stay out of range of the ATM's surveillance cameras. However, this offers little advantage compared to simply mugging the victim for their money, and carries the same risks to the offender as other violent crimes. By contrast, the most common high-tech modusoperandi involves the installation of a magnetic card reader over the real ATM's card slot, and the use of a wireless surveillance camera to observe the user's PIN. Although the latter fraud would have seemed like something from a spy novel until recently, the availability of low-cost commodity wireless cameras and card readers has made it a relatively simple form of fraud, with comparatively low risk to the fraudsters.
As of 2005, banks are working hard to develop countermeasures for this latterkind of fraud, in particular by the use of smart cards which cannot easily be read by un-authenticated devices, and by attempting to make the outside of their ATMstamper evident.