Automated teller machine (ATM)

An automated teller machine or automatic teller machine (ATM), also known as

an automated
banking
machine (ABM), cash
machine, cashpoint,cashline,
or
colloquially hole in the wall, is an electronic telecommunications device that enables the
customers of a financial institution to perform financial transactions without the need for a
human cashier, clerk or bank teller.
On most modern ATMs, the customer is identified by inserting a plastic ATM
card with a magnetic stripe or a plastic smart card with a chipthat contains a unique card
number and some security information such as an expiration date or CVVC (CVV).
Authentication is provided by the customer entering a personal identification number (PIN).
Using an ATM, customers can access their bank deposit or credit accounts in order to
make a variety of transactions such as cash withdrawals, check balances, or credit mobile
phones. If the currency being withdrawn from the ATM is different from that in which the
bank account is denominated the money will be converted at an official exchange rate. Thus,
ATMs often provide the best possible exchange rates for foreign travellers, and are widely
used for this purpose.

History
The idea of self-service in retail banking developed through independent and
simultaneous efforts in Japan, Sweden, the United
Kingdom and the United States. In the US patent
record, Luther George Simjianhas been credited with
developing a "prior art device".Specifically his 132nd
patent (US3079603) was first filed on 30 June 1960 (and
granted 26 February 1963). The roll-out of this machine,
called Bankograph, was delayed by a couple of years, due
in part to Simjian's Reflectone Electronics Inc. being
acquired
by
Universal
Match
Corporation. An
experimental Bankograph was installed in New York
City in 1961 by the City Bank of New York, but removed
after six months due to the lack of customer acceptance.
The Bankograph was an automated envelope deposit
machine (accepting coins, cash and cheques) and did not
have cash dispensing features.
In simultaneous and independent efforts, engineers in Japan, Sweden, and Britain
developed their own cash machines during the early 1960s. The first of these that was put
into use was by Barclays Bank in Enfield Town in north London, United Kingdom, on 27
June 1967. This machine was the first in the world and was used by English comedy
actor Reg Varney. This instance of the invention is credited to John Shepherd-Barron of
printing firm De La Rue, who was awarded an OBE in the 2005 New Year Honours. This
design used paper cheques issued by a teller or cashier, marked with carbon-14 for machine
readability and security, which in a latter model were matched with a personal identification
number.
The Barclays-De La Rue machine (called De La Rue Automatic Cash System or
DACS) beat the Swedish saving banks' and a company called Metior's machine (a device

called Bankomat) by a mere nine days and Westminster Banks-Smith IndustriesChubb system (called Chubb MD2) by a month. The online version of the Swedish machine
is listed to been operational on 6 May 1968, while claiming to be the first online cash
machine in the world (ahead of a similar claim by IBM and Lloyds Bank in 1971). The
collaboration of a small start-up called Speytec and Midland Bank developed a third machine
which was marketed after 1969 in Europe and the USA by the Burroughs Corporation. The
patent for this device (GB1329964) was filed on September 1969 (and granted in 1973) by
John David Edwards, Leonard Perkins, John Henry Donald, Peter Lee Chappell, Sean
Benjamin Newcombe & Malcom David Roe.
Both the DACS and MD2 accepted only a single-use token or voucher which was
retained by the machine while the Speytec worked with a card with a magnetic strip at the
back. They used principles including Carbon-14 and low-coercivity magnetism in order to
make fraud more difficult. The idea of a PIN stored on the card was developed by a British
engineer working on the MD2 named James Goodfellow in 1965 (patent GB1197183 filed on
2 May 1966 with Anthony Davies). The essence of this system was that it enabled the
verification of the customer with the debited account without human intervention. This patent
is also the earliest instance of a complete currency dispenser system in the patent record.
This patent was filed on 5 March 1968 in the USA (US 3543904) and granted on 1 December
1970. It had a profound influence on the industry as a whole. Not only did future entrants into
the cash dispenser market such as NCR Corporation and IBM licence Goodfellows PIN
system, but a number of later patents reference this patent as Prior Art Device.
In January 9, 1969 ABC newspaper
(Madrid edition) there's an article about the new
Bancomat,
a
teller
machine
installed
in
downtown Madrid,Spain,
by Banesto,
dispensing
1000 peseta bills (1 to 5 max). Each user had to
introduce a security personal key using a combination of
the ten numeric buttons.\ In March of the same year an
ad with the instructions to use the Bancomat was
published in the same Newspaper \ Bancomat was the first ATM installed in Spain, one of the
first in Europe(actually the third), and in the whole world.

1969 ABC news report on the introduction of ATMs in Sydney, Australia. People
could only receive $25 at a time and the bank card was sent back to the user at a later date.
After looking first hand at the experiences in Europe, in 1968 the networked ATM
was pioneered in the US, in Dallas, Texas, by Donald Wetzel, who was a department head at
an automated baggage-handling company called Docutel. Recognised by the United States
Patent Office for having invented the ATM network are Fred J. Gentile and Jack Wu Chang,
under US Patent # 3,833,885. On September 2, 1969, Chemical Bank installed the first ATM
in the U.S. at its branch in Rockville Centre, New York. The first ATMs were designed to
dispense a fixed amount of cash when a user inserted a specially coded card. A Chemical
Bank advertisement boasted "On Sept. 2 our bank will open at 9:00 and never close
again."[20] Chemical's ATM, initially known as a Docuteller was designed by Donald
Wetzel and his company Docutel. Chemical executives were initially hesitant about the
electronic banking transition given the high cost of the early machines. Additionally,
executives were concerned that customers would resist having machines handling their
money.[21] In 1995, theSmithsonian National Museum of American History recognised
Docutel and Wetzel as the inventors of the networked ATM.

The first modern ATM was an IBM 2984 and came into use at Lloyds Bank,
Brentwood High Street, Essex, England in December 1972. The IBM 2984 was designed at
the request of Lloyds Bank. The 2984 Cash Issuing Terminal was the first true ATM, similar
in function to today's machines and named by Lloyds Bank: Cashpoint; Cashpoint is still
a registered trademark of Lloyds TSB in the UK. All were online and issued a variable
amount which was immediately deducted from the account. A small number of 2984s were
supplied to a US bank. A couple of well known historical models of ATMs include the IBM
3614, IBM 3624 and 473x series, Diebold 10xx and TABS 9000 series, NCR 1780 and
earlier NCR 770 series.
The newest ATM at Royal Bank of Scotland allows customers to withdraw cash up to
100 without a card by inputting a six-digit code requested through their smartphones.

Location

An ATM Encrypting PIN Pad (EPP)

ATM in Vatican with menu in Latin

with German markings

language

ATMs are placed not only near or inside the premises of banks, but also in locations
such as shopping centers/malls, airports, grocery stores, petrol/gas stations, restaurants, or
anywhere frequented by large numbers of people. There are two types of ATM installations:
on- and off-premises. On-premises ATMs are typically more advanced, multi-function
machines that complement a bank branch's capabilities, and are thus more expensive. Offpremises machines are deployed by financial institutions and Independent Sales
Organisations (ISOs) where there is a simple need for cash, so they are generally cheaper
single function devices. In Canada, ATMs (also known there as ABMs) not operated by a
financial institution are known as "white-label ABMs".
In the U.S., Canada and some Gulf countries, banks often have drive-thru lanes
providing access to ATMs using an automobile.
Many ATMs have a sign above them, indicating the name of the bank or organisation
owning the ATM and possibly including the list of ATM networks to which that machine is
connected.
ATMs can also be found in train stations and metro stations. In recent times, countries
like India and some countries in Africa are installing ATM's in rural areas as well, which are
solar powered. These ATM's also do not require air conditioning.

Financial networks
An ATM in the Netherlands. Thelogos of a
number of interbank networks this ATM is connected to
are shown
Most ATMs are connected to interbank networks,
enabling people to withdraw and deposit money from
machines not belonging to the bank where they have their
accounts or in the countries where their accounts are held
(enabling cash withdrawals in local currency). Some
examples
of
interbank
networks
include NYCE, PULSE, PLUS, Cirrus, AFFN, Interac,
Interswitch, STAR, LINK, MegaLink and BancNet.
ATMs rely on authorisation of a financial transaction by the card issuer or other
authorising institution on a communications network. This is often performed through an ISO
8583 messaging system.
Many banks charge ATM usage fees. In some cases, these fees are charged solely to
users who are not customers of the bank where the ATM is installed; in other cases, they
apply to all users.
In order to allow a more diverse range of devices to attach to their networks, some
interbank networks have passed rules expanding the definition of an ATM to be a terminal
that either has the vault within its footprint or utilises the vault or cash drawer within the
merchant establishment, which allows for the use of a scrip cash dispenser.

A Diebold 1063ix with a dial-up modem visible at the

base
ATMs typically connect directly to their host or ATM
Controller on
either ADSL or
dial-up modem over
atelephone line or directly on a leased line. Leased lines are
preferable to plain old telephone service(POTS) lines because
they require less time to establish a connection. Less-trafficked
machines will usually rely on a dial-up modem on a POTS line
rather than using a leased line, since a leased line may be
comparatively more expensive to operate compared to a POTS
line. That dilemma may be solved as high-speed
Internet VPN connections become more ubiquitous. Common
lower-level layer communication protocols used by ATMs to communicate back to the bank
include SNA over SDLC, TC500 over Async, X.25, and TCP/IP over Ethernet.
In addition to methods employed for transaction security and secrecy, all
communications traffic between the ATM and the Transaction Processor may also be
encrypted using methods such as SSL.

Global use
There are no hard international or governmentcompiled numbers totaling the complete number of
ATMs in use worldwide. Estimates developed
byATMIA place the number of ATMs in use currently
at over 2.2 million, or approximately 1 ATM per 3000
people in the world.
ATMs at the railway station inPozna
To simplify the analysis of ATM usage around the world, financial institutions
generally divide the world into seven regions, due to the penetration rates, usage statistics,
and features deployed. Four regions (USA, Canada, Europe, and Japan) have high numbers of
ATMs per million people. Despite the large number of ATMs, there is additional demand for
machines in the Asia/Pacific area as well as in Latin America. ATMs have yet to reach high
numbers in the Near East and Africa.
According to international statistics, the highest installed ATM in the world is located
at Nathu La Pass, in India, installed by the Indian Axis Bank at 4023 metres
(13200 ft). According to the Mainland Chinese media and CPC statistics, the highest installed
ATM in the world is located in Nagchu County, Tibet, China, at 4500 metres, allegedly
installed by the Agricultural Bank of China.
Israel has the world's lowest installed ATM at Ein
Bokek at the Dead Sea, installed independently by a grocery
store at 421 metres below sea level.
While ATMs are ubiquitous on modern cruise ships,
ATMs can also be found on some US Navy ships.

Welcome message displayed on the world's most

northerly ATM located in the post office at Longyearbyen

Hardware
A block diagram of an ATM
An ATM is typically made up of the following devices:

CPU (to control the user interface and transaction

devices)

Magnetic or chip card reader (to identify the customer)

PIN pad EEP4 (similar in layout to a touch

tone or calculator keypad), manufactured as part of a secure enclosure

Secure cryptoprocessor, generally within a secure enclosure

Display (used by the customer for performing the transaction)

Function key buttons (usually close to the display) or a touchscreen (used to

select the various aspects of the transaction)

Record printer (to provide the customer with a record of the transaction)

Vault (to store the parts of the machinery requiring restricted access)

Housing (for aesthetics and to attach signage to)

Sensors and indicators

Due to heavier computing demands and the falling price of personal computerlike
architectures, ATMs have moved away from custom hardware architectures
using microcontrollers or application-specific integrated circuits and have adopted the
hardware architecture of a personal computer, such as USB connections for peripherals,
Ethernet and IP communications, and use personal computer operating systems.
Business owners often lease ATM terminals from ATM service providers, however
based on the economies of scale, the price of equipment has dropped to the point where many
business owners are simply paying for ATMs using a credit card.
New ADA voice and text-to-speech guidelines imposed in 2010, but required by
March 2012[37] have forced many ATM owners to either upgrade non-compliant machines or
dispose them if they are not up-gradable, and purchase new compliant equipment. This has
created an avenue for hackers and thieves to obtain ATM hardware at junkyards from
improperly disposed decommissioned ATMs.

Two Loomis employees

Downtown Seattle REI

refilling

an

ATM

at

the

The vault of an ATM is within the footprint of the device

itself and is where items of value are kept. Scrip cash dispensers do
not incorporate a vault.
Mechanisms found inside the vault may include:

Dispensing mechanism (to provide cash or other

items of value)

Deposit mechanism including a check processing module and bulk note

acceptor (to allow the customer to make deposits)

Security sensors (magnetic, thermal, seismic, gas)

Locks (to ensure controlled access to the contents of the vault)

Journaling systems; many are electronic (a sealed flash memory device based
on in-house standards) or a solid-state device (an actual printer) which accrues all records of
activity including access timestamps, number of notes dispensed, etc. This is considered
sensitive data and is secured in similar fashion to the cash as it is a similar liability.
ATM vaults are supplied by manufacturers in several grades. Factors influencing
vault grade selection include cost, weight, regulatory requirements, ATM type, operator risk
avoidance practices and internal volume requirements. Industry standard vault configurations
includeUnderwriters Laboratories UL-291 "Business Hours" and Level 1 Safes, RAL TL-30
derivatives, and CEN EN 1143-1 - CEN III and CEN IV.
ATM manufacturers recommend that an ATM vault be attached to the floor to prevent
theft, though there is a record of a theft conducted by tunnelling into an ATM floor.

Software
With the migration to commodity Personal Computer hardware, standard commercial
"off-the-shelf" operating systems, and programming environments can be used inside of
ATMs. Typical platforms previously used in ATM development include RMX or OS/2.

Today the vast majority of ATMs worldwide use

a Microsoft
Windows operating
system,
primarily Windows XP Professional or Windows XP
Embedded. A small number of deployments may still be
running older versions of Windows OS such
as Windows NT, Windows CE, or Windows 2000.
There is a computer industry security view that
general public desktop operating systems have greater
risks as operating systems for cash dispensing machines
than other types of operating systems like (secure) real-time operating
systems (RTOS). RISKS Digest has many articles about cash machine operating system
vulnerabilities.
Linux is also finding some reception in the ATM marketplace. An example of this
is Banrisul, the largest bank in the south of Brazil, which has replaced the MS-DOS operating
systems in its ATMs with Linux. Banco do Brasil is also migrating ATMs to Linux. Indianbased Vortex Engineering is manufacturing ATMs which operate only with Linux. Common
application layer transaction protocols, such as Diebold 91x (911 or 912) and NCR NDC or
NDC+ provide emulation of older generations of hardware on newer platforms with
incremental extensions made over time to address new capabilities, although companies like
NCR continuously improve these protocols issuing newer versions (e.g. NCR's AANDC
v3.x.y, where x.y are subversions). Most major ATM manufacturers provide software
packages that implement these protocols. Newer protocols such as IFXhave yet to find wide
acceptance by transaction processors.
With the move to a more standardised software base, financial institutions have been
increasingly interested in the ability to pick and choose the application programs that drive
their equipment. WOSA/XFS, now known as CEN XFS (or simply XFS), provides a
common API for accessing and manipulating the various devices of an ATM. J/XFS is a Java
implementation of the CEN XFS API.
While the perceived benefit of XFS is similar to the Java's "Write once, run
anywhere" mantra, often different ATM hardware vendors have different interpretations of
the XFS standard. The result of these differences in interpretation means that ATM
applications typically use a middleware to even out the differences between various
platforms.
With the onset of Windows operating systems and XFS on ATM's, the software
applications have the ability to become more intelligent. This has created a new breed of
ATM applications commonly referred to as programmable applications. These types of
applications allows for an entirely new host of applications in which the ATM terminal can
do more than only communicate with the ATM switch. It is now empowered to connected to
other content servers and video banking systems.

Notable ATM software that operates on XFS platforms include Triton

PRISM, Diebold Agilis
EmPower, NCR APTRA
Edge, Absolute
Systems AbsoluteINTERACT, KAL Kalignite Software Platform, Phoenix Interactive
VISTAatm, Wincor Nixdorf ProTopas and Euronet EFTS.
With the move of ATMs to industry-standard computing environments, concern has
risen about the integrity of the ATM's software stack.[47]

Security
Security, as it relates to ATMs, has several dimensions. ATMs also provide a practical
demonstration of a number of security systems and concepts operating together and how
various security concerns are dealt with.
Physical

A Wincor Nixdorf Procash 2100xe Frontload that was opened with an angle grinder

Automated Teller Machine In Dezfull in southwest of Iran

Early ATM security focused on making the ATMs invulnerable to physical attack;
they were effectively safes with dispenser mechanisms. A number of attacks on ATMs
resulted, with thieves attempting to steal entire ATMs by ram-raiding. Since late 1990s,
criminal groups operating in Japan improved ram-raiding by stealing and using a truck loaded
with heavy construction machinery to effectively demolish or uproot an entire ATM and any
housing to steal its cash.

Another attack method, plofkraak, is to seal all openings of the ATM

with silicone and fill the vault with a combustible gas or to place an explosive inside,
attached, or near the ATM. This gas or explosive is ignited and the vault is opened or
distorted by the force of the resulting explosion and the criminals can break in. [50] This type
of
theft
has
occurred
in
the Netherlands, Belgium, France, Denmark, Germany and Australia. These types of attacks
can be prevented by a number of gas explosion prevention devices also known as gas
suppression system. These systems use explosive gas detection sensor to detect explosive gas
and to neutralise it by releasing a special explosion suppression chemical which changes the
composition of the explosive gas and renders it ineffective.
Several attacks in the UK (at least one of which was successful) have emulated the
traditional WW2 escape from POW camps by digging a concealed tunnel under the ATM and
cutting through the reinforced base to remove the money.
Modern ATM physical security, per other modern money-handling security,
concentrates on denying the use of the money inside the machine to a thief, by using different
types of Intelligent Banknote Neutralisation Systems.
A common method is to simply rob the staff filling the machine with money. To avoid
this, the schedule for filling them is kept secret, varying and random. The money is often kept
in cassettes, which will dye the money if incorrectly opened.

Transactional secrecy and integrity

A Triton brand ATM with a dip style card reader and a triple DES keypad
The security of ATM transactions relies mostly on the integrity of the
securecryptoprocessor: the ATM often uses general commodity components that sometimes
are not considered to be "trusted systems".
Encryption of personal information, required by law in many jurisdictions, is used to
prevent fraud. Sensitive data in ATM transactions are usually encrypted with DES, but
transaction processors now usually require the use of Triple DES. Remote Key Loading
techniques may be used to ensure the secrecy of the initialisation of the encryption keys in the
ATM. Message Authentication Code (MAC) or Partial MAC may also be used to ensure
messages have not been tampered with while in transit between the ATM and the financial
network.

Customer identity integrity

A BTMU ATM with a palm scanner(to the right of the screen)

There have also been a number of incidents of fraud by Man-in-the-middle attacks,
where criminals have attached fake keypads or card readers to existing machines. These have
then been used to record customers' PINs and bank card information in order to gain
unauthorised access to their accounts. Various ATM manufacturers have put in place
countermeasures to protect the equipment they manufacture from these threats.
Alternative methods to verify cardholder identities have been tested and deployed in
some countries, such as finger and palm vein patterns, iris, and facial
recognition technologies. Cheaper mass-produced equipment has been developed and is
being installed in machines globally that detect the presence of foreign objects on the front of
ATMs, current tests have shown 99% detection success for all types of skimming devices.
Device operation integrity

ATMs that are exposed to the outside must be vandal and weather resistant
Openings on the customer-side of ATMs are often covered by mechanical shutters to
prevent tampering with the mechanisms when they are not in use. Alarm sensors are placed
inside the ATM and in ATM servicing areas to alert their operators when doors have been
opened by unauthorised personnel.
Rules are usually set by the government or ATM operating body that dictate what
happens when integrity systems fail. Depending on the jurisdiction, a bank may or may not
be liable when an attempt is made to dispense a customer's money from an ATM and the
money either gets outside of the ATM's vault, or was exposed in a non-secure fashion, or
they are unable to determine the state of the money after a failed transaction. Customers

often commented that it is difficult to recover money lost in this way, but this is often
complicated by the policies regarding suspicious activities typical of the criminal element.

Uses

Two NCR Personas 84 ATMs at abank in Jersey dispensing two types of pound
sterling banknotes: Bank of England on the left, and States of Jersey on the right
Although ATMs were originally developed as just cash dispensers, they have evolved
to include many other bank-related functions:

Paying routine bills, fees, and taxes (utilities, phone bills, social security, legal
fees, taxes, etc.)

Printing bank statements

Updating passbooks

Cash advances

Cheque Processing Module

Paying (in full or partially) the credit balance on a card linked to a

specific current account.

Transferring money between linked accounts (such as transferring between

checking and savings accounts)

Deposit currency recognition, acceptance, and recycling

In some countries, especially those which benefit from a fully integrated cross-bank
ATM network (e.g.: Multibanco in Portugal), ATMs include many functions which are not
directly related to the management of one's own bank account, such as:

Gold vending ATM in New York City

Loading monetary value into stored value cards

Adding pre-paid cell phone / mobile phone credit.
Purchasing
Postage stamps.
Lottery tickets
Train tickets
Concert tickets
Movie tickets
Shopping mall gift certificates.
Gold
Donating to charities

Increasingly banks are seeking to use the ATM as a sales device to deliver pre
approved loans and targeted advertising using products such as ITM (the Intelligent Teller
Machine) from Aptra Relate from NCR. ATMs can also act as an advertising channel for
other companies.

A South Korean ATM with mobile bank port and bar code reader
However several different technologies on ATMs have not yet reached worldwide
acceptance, such as:

Videoconferencing with human tellers, known as video tellers

Biometrics, where authorisation of transactions is based on the scanning of a
customer's fingerprint, iris, face, etc.

Cheque/Cash Acceptance, where the ATM accepts and recognise cheques

and/or currency without using envelopesExpected to grow in importance in the US
through Check 21 legislation.

Bar code scanning

On-demand printing of "items of value" (such as movie tickets, traveler's

cheques, etc.)

Dispensing additional media (such as phone cards)

Co-ordination of ATMs with mobile phones

Integration with non-banking equipment

Games and promotional features

CRM at the ATM

E.g. In Canada, ATMs are called guichets automatiques in French and sometimes
"Bank Machines" in English. The Interac shared cash network does not allow for the selling
of goods from ATMs due to specific security requirements for PIN entry when buying goods.
CIBCmachines in Canada, are able to top-up the minutes on certain pay as you go phones.

Reliability

An ATM running Microsoft Windowsthat has crashed due to a peripheral component

failure
Before an ATM is placed in a public place, it typically has undergone extensive
testing with both test money and the backend computer systems that allow it to perform
transactions. Banking customers also have come to expect high reliability in their ATMs,
which provides incentives to ATM providers to minimise machine and network failures.
Financial consequences of incorrect machine operation also provide high degrees of incentive
to minimise malfunctions.
ATMs and the supporting electronic financial networks are generally very reliable,
with industry benchmarks typically producing 98.25% customer availability for ATMs and
up to 99.999% availability for host systems that manage the networks of ATMs. If ATM
networks do go out of service, customers could be left without the ability to make
transactions until the beginning of their bank's next time of opening hours.
This said, not all errors are to the detriment of customers; there have been cases of
machines giving out money without debiting the account, or giving out higher value notes as
a result of incorrect denomination of banknote being loaded in the money cassettes.[92] The
result of receiving too much money may be influenced by the card holder agreement in place
between the customer and the bank.
Errors that can occur may be mechanical (such as card transport mechanisms;
keypads; hard disk failures; envelope deposit mechanisms); software (such as operating
system; device driver; application); communications; or purely down to operator error.
To aid in reliability, some ATMs print each transaction to a roll paper journal that is
stored inside the ATM, which allows both the users of the ATMs and the related financial
institutions to settle things based on the records in the journal in case there is a dispute. In
some cases, transactions are posted to an electronic journal to remove the cost of supplying
journal paper to the ATM and for more convenient searching of data.

Improper money checking can cause the possibility of a customer

receiving counterfeit banknotes from an ATM. While bank personnel are generally trained
better at spotting and removing counterfeit cash, the resulting ATM money supplies used by
banks provide no guarantee for proper banknotes, as the Federal Criminal Police Office of
Germanyhas confirmed that there are regularly incidents of false banknotes having been
dispensed through bank ATMs. Some ATMs may be stocked and wholly owned by outside
companies, which can further complicate this problem. Bill validation technology can be used
by ATM providers to help ensure the authenticity of the cash before it is stocked in an ATM;
ATMs that have cash recycling capabilities include this capability.

Fraud

ATM lineup

Some ATMs may put up warning messages to customers to be vigilant of

possible tampering.

Bills from a cash machine robbery made unusable with red paint.
As with any device containing objects of value, ATMs and the systems they depend
on to function are the targets of fraud. Fraud against ATMs and people's attempts to use them
takes several forms.
The first known instance of a fake ATM was installed at a shopping mall
in Manchester, Connecticut in 1993. By modifying the inner workings of a Fujitsu model
7020 ATM, a criminal gang known as The Bucklands Boys were able to steal information
from cards inserted into the machine by customers.
WAVY-TV reported an incident in Virginia Beach in September 2006 where a hacker
who had probably obtained a factory-default administrator password for a gas station's white
label ATM caused the unit to assume it was loaded with US$5 bills instead of $20s, enabling
himselfand many subsequent customersto walk away with four times the money they
wanted to withdraw. This type of scam was featured on the TV series The Real Hustle.
ATM behavior can change during what is called "stand-in" time, where the bank's
cash dispensing network is unable to access databases that contain account information
(possibly for database maintenance). In order to give customers access to cash, customers
may be allowed to withdraw cash up to a certain amount that may be less than their usual
daily withdrawal limit, but may still exceed the amount of available money in their accounts,
which could result in fraud if the customers intentionally withdraw more money than what
they had in their accounts.

Card fraud
In an attempt to prevent criminals from shoulder surfing the customer's personal
identification number (PIN), some banks draw privacy areas on the floor.
For a low-tech form of fraud, the easiest is to simply steal a customer's card along
with its PIN. A later variant of this approach is to trap the card inside of the ATM's card
reader with a device often referred to as a Lebanese loop. When the customer gets frustrated
by not getting the card back and walks away from the machine, the criminal is able to remove
the card and withdraw cash from the customer's account, using the card and its PIN.
This type of ATM fraud has spread globally. Although somewhat replaced in terms of
volume by ATM skimming incidents, a re-emergence of card trapping has been noticed in
regions such as Europe, where EMV chip and PIN cards have increased in circulation.
Another simple form of fraud involves attempting to get the customer's bank to issue
a new card and its PIN and stealing them from their mail.
By contrast, a newer high-tech method of operating, sometimes called card
skimming or card cloning, involves the installation of a magnetic card reader over the real
ATM's card slot and the use of a wireless surveillance camera or a modified digital camera or

a false PIN keypad to observe the user's PIN. Card data is then cloned into a duplicate card
and the criminal attempts a standard cash withdrawal. The availability of low-cost
commodity wireless cameras, keypads, card readers, and card writers has made it a relatively
simple form of fraud, with comparatively low risk to the fraudsters.
In an attempt to stop these practices, countermeasures against card cloning have been
developed by the banking industry, in particular by the use of smart cards which cannot easily
be copied or spoofed by unauthenticated devices, and by attempting to make the outside of
their ATMs tamper evident. Older chip-card security systems include the French Carte
Bleue, Visa Cash, Mondex, Blue from American Express[ and EMV '96 or EMV 3.11. The
most actively developed form of smart card security in the industry today is known as EMV
2000 or EMV 4.x.
EMV is widely used in the UK (Chip and PIN) and other parts of Europe, but when it
is not available in a specific area, ATMs must fall back to using the easytocopy magnetic
strip to perform transactions. This fallback behaviour can be exploited. However the fall-back
option has been removed on the ATMs of some UK banks, meaning if the chip is not read,
the transaction will be declined.
Card cloning and skimming can be detected by the implementation of magnetic card
reader heads and firmware that can read a signature embedded in all magnetic strips during
the card production process. This signature, known as a "MagnePrint" or "BluPrint", can be
used in conjunction with common two-factor authentication schemes used in ATM,
debit/retail point-of-sale and prepaid card applications.
The concept and various methods of copying the contents of an ATM card's magnetic
strip onto a duplicate card to access other people's financial information was well known in
the hacking communities by late 1990.
In 1996, Andrew Stone, a computer security consultant from Hampshire in the UK,
was convicted of stealing more than 1 million by pointing high-definition video cameras at
ATMs from a considerable distance, and by recording the card numbers, expiry dates, etc.
from the embossed detail on the ATM cards along with video footage of the PINs being
entered. After getting all the information from the videotapes, he was able to produce clone
cards which not only allowed him to withdraw the full daily limit for each account, but also
allowed him to sidestep withdrawal limits by using multiple copied cards. In court, it was
shown that he could withdraw as much as 10,000 per hour by using this method. Stone was
sentenced to five years and six months in prison.
In February 2009, a group of criminals used counterfeit ATM cards to steal $9 million
from 130 ATMs in 49 cities around the world, all within a period of 30 minutes.

Conclusion
However, bank customers usually enjoy the convenience of ATM debit cards to take
out money from a machine and to buy products or services. You dont have to carry cash
because you can get it from almost any ATM machine, though you may end up paying a fee
if you use an ATM that's not in your bank's network. You can pay your bills easily and
quickly with a debit card because the number on the card acts like a credit-card number.
Withdrawing money with ATM or debit cards is so easy you could drain the account
accidentally. Banks usually charge overdraft fees unless you have credit-line protection.
Depending on your bank, debit cards might also have annual fees, or charge you each time
you use your card. Writing a check usually gives you time to cover your account if you're
short, but money from cards comes out instantly. Unlike a credit card, ATM or debit cards
don't usually offer you protection for refunds on purchases or help build up your credit rating.
At the end of this report I conclude with the following points:
- With the growing networks ATM might soon be installed at many places.
- ATMs for the blind have also been designed & are available in the Indian market.
- ATMs that make available various types of currencies are also available.