
Se Final Lab

Jh

Uploaded by

sureshkeerthi183

Rajiv Gandhi University of Knowledge Technologies, Nuzvid

Software Engineering Project Report

Department of Computer Science and Engineering

AUTOMATED TELLER MACHINE (ATM) MANAGEMENT SYSTEM

TEAM-07

ID NO     NAME OF THE STUDENT
N200726   KANCHERLA VASANTH PRANEETH RAJ
N200237   MULAKALAPALLI JAYACHANDRA SIDDHARTHA
N200025   KARIMUNI VENKATA DURGA PRAKASH
N200791   SUVVARI DILEEP KUMAR
N200559   NIMMALAPUDI RAJESH CHOWDARY

Table of Contents
1. Objective and Abstract of the Project
Objective
Abstract
2. Software Requirements Specifications (SRS)
2.1 Introduction
2.1.1 Purpose
2.1.2 Scope
2.1.3 Definitions, Acronyms, and Abbreviations
2.1.4 References
2.1.5 Overview
2.2 The Overall Description
2.2.1 Product Perspective
2.2.2 Product Functions
2.2.3 User Characteristics
2.2.4 Constraints
2.2.5 Assumptions and Dependencies
3. Functional Requirements
3.1 Functional Requirements:
3.1.1 User Authentication
3.1.2 Cash Withdrawal
3.1.3 Balance Inquiry
3.1.4 Fund Transfer
3.1.5 Mini-Statement Printing
3.1.6 Account Settings
3.1.7 Error Handling
3.2 External Interface Requirements
3.2.1 User Interfaces
3.2.2 Hardware Interfaces
3.2.3 Software Interfaces
3.2.4 Communication Interfaces
3.3 System Features
3.3.1 User Interaction Features
3.3.2 Transaction Features
3.3.3 Operational Efficiency Features
3.3.4 Security Features
3.3.5 Compliance and Audit Features
3.3.6 Maintenance and Support Features
3.3.7 Environmental Considerations
3.4 Other Non-Functional Requirements
3.4.1 Performance Requirements
3.4.2 Software System Attributes
3.4.3 Business Rules
4. System and Architecture Design
4.1 Overview of Architecture
4.2 Hardware Components
4.3 Software Components
4.4 Interactions Between Components
4.5 Architecture Diagram
5. UML Diagrams
5.1 Sequence Diagrams
5.2 Activity Diagrams
5.3 Use Case Diagrams
5.4 Class Diagrams
5.5 Collaboration Diagrams
6. Data Flow Diagram
6.1 Level 0
6.2 Level 1
6.3 Level 2
7. Complete Design of ATM Application
7.1 Entities
7.1.1 User
7.1.2 ATM
7.1.3 Admin
7.2 Relationships
7.2.1 User Uses ATM
7.2.2 Admin Maintains ATM
8. Design of Test Cases
9. Test Cases
10. Vulnerabilities and Analysis

1. Objective and Abstract of the Project
Objective
The objective of this project is to develop a robust Bank ATM Application that addresses the
limitations of current ATM systems by enhancing user experience, improving security, and
expanding available services. The application aims to provide a reliable and user-friendly
platform for customers to conduct financial transactions independently while integrating
advanced features like fund transfers and bill payments. By tackling issues such as confusing
interfaces, security vulnerabilities, and limited functionality, the project seeks to improve
customer satisfaction and trust in ATM services.

Abstract
As demand for convenient banking grows, traditional ATMs often fail to meet user expectations
due to poor interfaces, limited features, and security flaws. These issues can frustrate users and
pose risks to sensitive information, affecting overall trust in the service. This project proposes a
comprehensive Bank ATM Application designed to enhance user interaction and provide a
broader range of services, including fund transfers and bill payments. By prioritizing a seamless
user experience and implementing robust security measures, the application aims to meet
evolving customer needs and deliver a secure, versatile, and satisfying banking experience.

2. Software Requirements Specifications (SRS)
2.1 Introduction
2.1.1 Purpose
The purpose of this Bank ATM Application is to deliver a secure, efficient, and user-friendly
interface for customers to perform various banking activities, such as cash withdrawals, balance
inquiries, fund transfers, and obtaining account statements through ATM kiosks.

2.1.2 Scope
The ATM application will encompass the following functionalities:
• User authentication and security protocols
• Checking account balances
• Cash withdrawal and deposit functionalities
• Fund transfers between accounts
• Printing mini-statements
• Notifications regarding account maintenance
This application will integrate seamlessly with the bank's core systems to ensure real-time data
processing and retrieval.

2.1.3 Definitions, Acronyms, and Abbreviations


• ATM: Automated Teller Machine
• PIN: Personal Identification Number
• KYC: Know Your Customer
• DBMS: Database Management System

2.1.4 References
• Banking security guidelines and standards
• User interface design standards for banking applications
• Compliance documents relevant to financial transactions

2.1.5 Overview
This document provides a comprehensive description of the ATM application, detailing its
functionalities, user roles, interface requirements, and non-functional requirements. It serves as a
guide for the development and implementation of the system.

2.2 The Overall Description
2.2.1 Product Perspective
The ATM Application is an integral part of the broader banking ecosystem, designed to enhance
customer service. It should:
• Interface securely with the bank’s existing systems.
• Implement stringent security measures for user authentication.
• Support offline functionality for limited transactions during connectivity disruptions.

2.2.2 Product Functions


The primary functions of the ATM application include:
• User Authentication: Secure verification of user identity via PIN entry.
• Cash Withdrawal: Users can withdraw cash in various denominations within their
account limits.
• Balance Inquiry: Provides real-time display of account balances.
• Mini-Statement Printing: Allows users to print recent transaction records.
• Fund Transfers: Enables users to transfer funds between linked accounts.
• Account Settings: Users can change their PIN or block their card in case of suspected
fraud.

2.2.3 User Characteristics


• Bank Customer: Individual or business account holders with ATM cards and PINs.
• ATM Technicians: Personnel responsible for maintenance and troubleshooting of ATMs.
• Bank Administrators: Employees authorized to manage account limits and monitor
transactions.

2.2.4 Constraints
• Adherence to banking regulations for data protection and user privacy.
• Physical limitations regarding cash storage capacity within the ATM.
• Dependence on network connectivity for real-time updates and transaction processing.

2.2.5 Assumptions and Dependencies


• A stable internet connection is assumed for real-time operations.
• Regular maintenance of hardware and software is necessary to prevent downtime.

3. Functional Requirements
3.1 Functional Requirements:
The functional requirements outline specific behaviors and functions the ATM application must
support:

3.1.1 User Authentication


• The system shall allow users to enter their PIN for account access.
• The system shall verify the entered PIN against stored data and grant access only if valid.

3.1.2 Cash Withdrawal


• The system shall allow users to select withdrawal amounts from predefined
denominations.
• The system shall enforce daily withdrawal limits based on account type.
• The system shall dispense cash only if the account has sufficient funds.

3.1.3 Balance Inquiry


• The system shall display the current account balance after successful authentication.
• The system shall update and reflect any transactions affecting the balance in real-time.

3.1.4 Fund Transfer


• The system shall allow users to transfer funds between their linked accounts.
• The system shall require confirmation from users before completing the transfer.
• The system shall ensure sufficient funds are available in the source account.

3.1.5 Mini-Statement Printing


• The system shall allow users to request a printout of recent transactions.
• The system shall limit the number of transactions displayed based on bank policy.

3.1.6 Account Settings


• The system shall allow users to change their PIN securely.
• The system shall enable users to block their card in case of suspected fraud.

3.1.7 Error Handling


• The system shall provide error messages for invalid transactions (e.g., insufficient funds,
invalid PIN).
• The system shall log all errors and unusual activities for auditing purposes.

3.2 External Interface Requirements


3.2.1 User Interfaces
• Login Screen: For user PIN entry and authentication.
• Home Screen: Displays options for various banking operations.
• Transaction Confirmation Screen: Shows details and confirmations for completed
transactions.
• Error/Alert Messages: Communicates issues such as insufficient funds or connectivity
problems.

3.2.2 Hardware Interfaces


• Card Reader: Reads the ATM card for user identification.
• Keypad: For entering PINs and transaction amounts.
• Cash Dispenser: Dispenses cash in different denominations.
• Receipt Printer: Prints transaction receipts for users.
• Display Screen: Guides users through transaction processes.

3.2.3 Software Interfaces


• Bank Database Interface: Secure connection for processing transactions and retrieving
data.
• Security API: Ensures encryption and secure PIN verification.
• Logging System: Maintains a log of transactions and errors for auditing and security
purposes.

3.2.4 Communication Interfaces


Secure connections to the bank’s server are essential, whether via the internet or a dedicated
communication line, to facilitate transaction processing and updates.

3.3 System Features


The ATM application will include a range of features designed to enhance user interaction,
improve operational efficiency, and ensure robust security, aligning with user needs and banking
policies.

3.3.1 User Interaction Features
• 3.3.1.1 User-Friendly Interface: The application will feature an intuitive interface
that allows users to navigate easily through options with clear visual cues and minimal
steps.
• 3.3.1.2 Multilingual Support: Users will have the option to select from multiple
languages, catering to diverse user demographics and enhancing accessibility.
• 3.3.1.3 Transaction Guidance: The system will provide step-by-step instructions
during transactions to assist users, ensuring a smooth and understandable process.

3.3.2 Transaction Features


• 3.3.2.1 Withdrawal Transactions: Users can withdraw cash, with options to choose
specific denominations and set transaction limits.
• 3.3.2.2 Deposit Transactions: The application will support cash and check deposits,
providing immediate confirmation of successful transactions.
• 3.3.2.3 Balance Inquiry: Users can easily check their account balances for different
accounts linked to the ATM.
• 3.3.2.4 Fund Transfers: The system will allow users to transfer funds between their
accounts and to external accounts, facilitating convenient money management.
• 3.3.2.5 Mini Statements: Users will have the option to request recent transaction
histories or mini-statements for quick reference.

3.3.3 Operational Efficiency Features


• 3.3.3.1 Fast Processing Time: The application will ensure rapid transaction
processing to minimize wait times and enhance user satisfaction.
• 3.3.3.2 Queue Management: The system will implement strategies to manage peak
usage times, such as token systems or appointment scheduling.
• 3.3.3.3 Remote Diagnostics: The ATM will support remote troubleshooting
capabilities, allowing for timely maintenance without physical access.

3.3.4 Security Features


• 3.3.4.1 User Authentication: The application will incorporate strong authentication
methods, including PIN entry and biometric options (fingerprint or facial recognition).
• 3.3.4.2 Encryption: All transaction data will be encrypted to protect sensitive user
information during processing.
• 3.3.4.3 Fraud Detection: The system will implement mechanisms to identify and flag
unusual transaction patterns, enhancing fraud prevention.
• 3.3.4.4 Session Timeout: Automatic logout features will terminate sessions after
periods of inactivity to safeguard user data.

3.3.5 Compliance and Audit Features


• 3.3.5.1 Regulatory Compliance: The application will adhere to relevant banking
regulations, including PCI-DSS standards for secure payment processing.
• 3.3.5.2 Audit Trails: Comprehensive logging of all transactions and user activities will
be maintained for accountability and auditing purposes.

3.3.6 Maintenance and Support Features


• 3.3.6.1 Remote Management: The system will allow for remote software updates and
maintenance, reducing downtime and service interruptions.
• 3.3.6.2 Error Reporting: Users will have the option to report issues directly through
the ATM interface for immediate support.

3.3.7 Environmental Considerations


• 3.3.7.1 Energy Efficiency: The application will incorporate energy-saving features to
minimize operational costs and reduce environmental impact.

3.4 Other Non-Functional Requirements


3.4.1 Performance Requirements
3.4.1.1 Capacity
The system should handle multiple simultaneous transactions without performance degradation,
ensuring a smooth user experience during peak times.
3.4.1.2 Dynamic Requirements
The system must dynamically adjust to varying transaction loads, particularly during high-traffic
banking hours.
3.4.1.3 Quality
High-quality performance is expected, focusing on responsiveness and user-friendliness.

3.4.2 Software System Attributes


3.4.2.1 Reliability
The ATM software must demonstrate high reliability with minimal downtime and consistent
performance.

3.4.2.2 Availability
The system must achieve an uptime of 99.9%, ensuring it is available for user transactions as
needed.
3.4.2.3 Security
Robust data encryption and secure transaction protocols are mandatory to protect user data and
financial information.
3.4.2.4 Maintainability
The software should facilitate easy updates and maintenance processes to minimize user
disruption.

3.4.3 Business Rules


• Daily withdrawal limits will be enforced based on account types.
• After three consecutive incorrect PIN entries, the card will be blocked to prevent
unauthorized access.
• Fees for certain transactions will be applied as per bank policies.

4. System and Architecture Design
This section will describe the overall architecture of the ATM application, highlighting hardware
and software components, their interactions, and how they support secure and efficient banking
operations.

4.1 Overview of Architecture


The ATM application is designed using a layered architecture that separates concerns and
enhances security, scalability, and maintainability. The architecture consists of the following key
layers:
1. Presentation Layer: This layer represents the user interface of the ATM, where users
interact with the system through a touchscreen or keypad. It displays information such as
transaction options, balance inquiries, and prompts for user inputs (e.g., PIN entry).
2. Application Layer: This layer contains the business logic of the ATM application. It
processes user requests, handles transaction management, and interacts with data stores
and external systems. It ensures that the rules and regulations of banking operations are
enforced.
3. Data Layer: This layer manages the data storage and retrieval processes. It includes
databases that hold user information, transaction logs, and account balances. This layer
ensures data integrity and security by implementing access controls and encryption.
4. External Interfaces: This includes communication interfaces with the banking system,
such as APIs for transaction validation, fund transfers, and account management. It
facilitates interactions with external entities, ensuring secure and reliable data exchange.

4.2 Hardware Components


• ATM Terminal: The physical machine that users interact with, equipped with:
o Input Devices: Keypad, touchscreen, card reader, and biometric scanners (if
applicable).
o Output Devices: Display screen, receipt printer, and cash dispenser.
o Communication Modules: Network connectivity (e.g., Ethernet or Wi-Fi) for
communication with the bank's servers.
• Banking Server: A centralized server that processes transactions, maintains account
records, and ensures data consistency across multiple ATMs. It also performs
authentication and authorization for user transactions.

4.3 Software Components


• ATM Operating System: The underlying software that runs the ATM hardware,
managing resources and hardware interactions.
• Application Software: The core ATM application that implements business logic, user
interface management, and communication with databases and external systems.
• Database Management System (DBMS): A secure database solution to manage
customer account data and transaction logs, ensuring data integrity and compliance with
regulations.

4.4 Interactions Between Components


The interactions between hardware and software components are designed to ensure secure and
efficient operation:
• User Interaction: Users interact with the ATM through the presentation layer, which
collects inputs (e.g., card insertion, PIN entry) and provides feedback (e.g., transaction
status, balance).
• Transaction Processing: When a user initiates a transaction (e.g., withdrawal), the
application layer processes the request by:
o Verifying user credentials against the data layer.
o Communicating with the banking server to validate the transaction.
o Updating the account balance and logging the transaction in the database.
• Security Measures: The architecture implements various security measures, including:
o Encryption: Protecting sensitive data such as PINs and account information
during transmission and storage.
o Access Control: Restricting access to critical functions based on user roles (e.g.,
admin versus user).
o Audit Trails: Maintaining logs of all transactions and administrative actions for
compliance and security monitoring.

4.5 Architecture Diagram


A diagram illustrating the architecture of the ATM system will be included here. This diagram
will visually represent the layers of the architecture, the hardware components, and the
interactions between them. It may include:
• Layered View: Showing the Presentation, Application, and Data layers.
• Component Interaction: Visualizing how the ATM terminal, banking server, and
database interact with one another.
• Data Flow: Indicating the flow of data between external entities and the ATM system.

5. UML Diagrams
The UML Diagrams section will provide detailed diagrams representing the structure and
behavior of the ATM application, including:

5.1 Sequence Diagrams


Showing the order of operations during transactions.

5.2 Activity Diagrams
Illustrating workflows for user interactions.

5.3 Use Case Diagrams
Representing interactions between users and system functionalities.

5.4 Class Diagrams


Detailing the system’s class structure and relationships.

5.5 Collaboration Diagrams
Highlighting the interactions between components during transactions.

6. Data Flow Diagram
The Data Flow Diagram (DFD) will outline how information flows through the ATM application,
detailing processes such as user authentication, balance inquiries, and cash withdrawals.

6.1 Level 0
This level provides a high-level view of the ATM system, representing it as a single process. It
shows interactions between the ATM and external entities, such as bank customers and the
banking system.
Components:
• External Entities: Customer, Banking System
• Process: ATM System
• Data Flows:
o Customer to ATM: Transaction requests (e.g., withdrawal request)
o ATM to Customer: Transaction responses (e.g., cash dispensed)
o ATM to Banking System: Requests for transaction validation
o Banking System to ATM: Confirmation of transaction success or failure

6.2 Level 1
This level breaks down the main ATM process from Level 0 into sub-processes, detailing key
functions such as authentication and transaction processing.
Components:
• Processes:
o Authenticate User
o Process Transaction
o Manage User Interface
• Data Stores:
o Customer Account Database
o Transaction Log
• External Entities: Customer, Banking System
• Data Flows:
o Customer to Authenticate User: PIN and card details
o Authenticate User to Customer Account Database: Verification of user
credentials
o Process Transaction to Customer Account Database: Update account balance
o Process Transaction to Banking System: Sends transaction details

6.3 Level 2
This level provides a more detailed view by breaking down the processes from Level 1 into finer
sub-processes.
Components:
• Processes:
o Validate Card
o Check PIN
o Withdraw Cash
o Deposit Funds
o Print Receipt
• Data Stores:
o Customer Account Database
o Transaction Log
• External Entities: Customer, Banking System
• Data Flows:
o Customer to Validate Card: Card information
o Validate Card to Check PIN: Successful card validation
o Check PIN to Customer Account Database: Retrieves account data
o Withdraw Cash to Customer Account Database: Updates account balance
o Deposit Funds to Customer Account Database: Updates account after deposit

7. Complete Design of ATM Application
The Entity Relationship Diagram (ERD) is a foundational element of the system design process
for the ATM application, providing a comprehensive visual representation of the data structure. It
outlines the various entities involved in the system, detailing not only their names but also the
attributes associated with each entity. For instance, entities such as User, ATM, and Admin are
represented, with the User entity including attributes like Name, Password, Account Number
(Acc No), Expiration Date (Exp Date), and Balance. The ERD also illustrates the relationships
between these entities, demonstrating how they interact within the application. This diagram
serves as a blueprint for how data will be stored, organized, and accessed, facilitating effective
database design and implementation.

7.1 Entities
7.1.1 User
Represents an ATM user and has several associated attributes:
• Name: The name of the user.
• Password: The password for authentication.
• AccNo (Account Number): The user's bank account number.
• ExpDate (Expiration Date): The expiration date of the user’s card.
• Balance: The balance in the user's account.

7.1.2 ATM
Represents the ATM machine itself, showing its role in the system but without direct
attributes in the diagram.

7.1.3 Admin
Represents an administrative entity for maintaining the ATM and its operations:
• LoginId: The login identifier for the administrator.
• Password: The password used for admin authentication.

7.2 Relationships
7.2.1 User Uses ATM
This relationship is indicated by the diamond symbol labeled "Uses." It suggests that a
user interacts with the ATM to perform transactions.

7.2.2 Admin Maintains ATM


This relationship is labeled "Maintains," showing that the Admin manages and maintains
the ATM system, handling operations like maintenance or configuration.

8. Design of Test Cases
The test cases for the ATM application are designed to validate both functional and non-
functional requirements, ensuring the system operates correctly under various scenarios. Below
are examples of the test cases, including the input and expected output.

Test Case 1: User Authentication


• Input: Correct card number and valid PIN
• Expected Output: Access granted, user proceeds to the transaction menu

Test Case 2: Invalid PIN Entry


• Input: Incorrect PIN entered three times consecutively
• Expected Output: Access denied, account temporarily locked, error message displayed

Test Case 3: Cash Withdrawal Within Limit


• Input: User requests to withdraw an amount within the available account balance and
daily limit (e.g., $200)
• Expected Output: Cash dispensed, balance updated, confirmation message displayed

Test Case 4: Exceed Withdrawal Limit


• Input: User attempts to withdraw an amount exceeding the daily limit (e.g., $2,000)
• Expected Output: Transaction denied, error message indicating exceeded withdrawal
limit displayed

Test Case 5: Insufficient Funds for Withdrawal


• Input: User attempts to withdraw an amount greater than the available balance (e.g.,
$500 from a $300 balance)
• Expected Output: Transaction denied, error message for insufficient funds displayed

Test Case 6: Fund Transfer Between Accounts


• Input: User requests to transfer $100 from checking to savings account
• Expected Output: Amount transferred successfully, balances updated, confirmation
message displayed

Test Case 7: Deposit Funds
• Input: User deposits $500 into their account
• Expected Output: Balance updated, deposit confirmation message displayed

Test Case 8: Mini-Statement Request


• Input: User requests a mini-statement of recent transactions
• Expected Output: Mini-statement printed, showing recent transactions

Test Case 9: Invalid Card Entry


• Input: User inserts an expired or damaged card
• Expected Output: Access denied, error message indicating invalid card

Test Case 10: Change PIN


• Input: User enters current PIN, then selects and confirms a new valid PIN
• Expected Output: PIN updated successfully, confirmation message displayed

Test Case 11: Block Card


• Input: User requests to block the card due to theft
• Expected Output: Card blocked, confirmation message displayed

Test Case 12: Session Timeout


• Input: User remains inactive for a period longer than the session timeout limit (e.g., 2
minutes)
• Expected Output: Session automatically logged out, screen returns to the Welcome
menu

Test Case 13: Check Balance


• Input: User requests to view their current account balance
• Expected Output: Current balance displayed on the screen

Test Case 14: Network Failure During Transaction


• Input: Network connection lost while processing a withdrawal request
• Expected Output: Transaction aborted, error message displayed

Test Case 15: Concurrent Transactions
• Input: Multiple users attempt to perform transactions simultaneously on different ATMs
• Expected Output: Each transaction processed independently without any errors

Test Case 16: Daily Withdrawal Limit Exceeded


• Input: User attempts another withdrawal after reaching the daily limit
• Expected Output: Transaction denied, error message indicating daily limit reached

Test Case 17: Request Receipt


• Input: User requests a receipt after completing a transaction
• Expected Output: Receipt printed with transaction details

Test Case 18: Invalid Amount Entry


• Input: User attempts to withdraw a non-multiple of available denominations (e.g., $23
when only $10 and $20 bills are available)
• Expected Output: Transaction denied, error message for invalid amount displayed

Test Case 19: Currency Selection


• Input: User selects preferred denominations (e.g., $20 bills) for withdrawal
• Expected Output: Cash dispensed in the selected denomination

Test Case 20: View Transaction History


• Input: User requests to view the transaction history
• Expected Output: Recent transaction history displayed on the screen

These test cases aim to cover a wide range of functionalities, ensuring that the ATM application
meets user requirements and handles errors effectively, providing a secure and reliable banking
experience.
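The withdrawal checks in Test Cases 3, 4, 5, 16 and 18 can be exercised against a small model like the one below. This is an added example, not code from the project; the names `Account`, `plan_notes` and `withdraw`, the result strings and the `DAILY_LIMIT` value are assumptions. It generalizes Test Case 18 to any set of loaded denominations and note counts.

```python
from dataclasses import dataclass

DAILY_LIMIT = 1000  # assumed value; the report only says $2,000 exceeds the limit

@dataclass
class Account:
    balance: int
    withdrawn_today: int = 0

def plan_notes(amount, cassettes):
    """Return {denomination: count} paying `amount` exactly, or None if impossible.

    `cassettes` maps denomination -> notes loaded. Searches largest-first with
    backtracking, because greedy fails for sets such as {50, 20} and amount 60.
    """
    denoms = sorted(cassettes, reverse=True)

    def search(i, remaining):
        if remaining == 0:
            return {}
        if i == len(denoms):
            return None
        d = denoms[i]
        for n in range(min(remaining // d, cassettes[d]), -1, -1):
            plan = search(i + 1, remaining - n * d)
            if plan is not None:
                if n:
                    plan[d] = n
                return plan
        return None

    return search(0, amount)

def withdraw(account, amount, cassettes):
    """Run every check first; change balance and cassettes only on success."""
    if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
        return "DENIED_INVALID_AMOUNT"
    if account.withdrawn_today + amount > DAILY_LIMIT:      # Test Cases 4 and 16
        return "DENIED_DAILY_LIMIT"
    if amount > account.balance:                            # Test Case 5
        return "DENIED_INSUFFICIENT_FUNDS"
    notes = plan_notes(amount, cassettes)                   # Test Case 18
    if notes is None:
        return "DENIED_INVALID_AMOUNT"
    account.balance -= amount
    account.withdrawn_today += amount
    for denom, count in notes.items():
        cassettes[denom] -= count
    return "DISPENSED"
```

A denied request leaves the balance, the daily total and the cassette counts untouched, which is the property the "Transaction denied" outcomes depend on.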

9. Test Cases

This section outlines test scenarios for validating the ATM application’s functionalities,
ensuring compliance with requirements and performance expectations. It includes specific
cases for user authentication, cash withdrawals, fund transfers, and error handling.

| Test Case | Description | Expected Outcome |
|---|---|---|
| Enter PIN | User enters a valid PIN | Access granted |
| Invalid PIN | User enters an invalid PIN | Access denied, error message |
| Withdraw Cash | User withdraws within limit | Cash dispensed, balance updated |
| Exceed Withdrawal | User attempts to exceed withdrawal limit | Transaction denied, error message |
| Mini-Statement Print | User requests a mini-statement | Statement printed |
| Transfer Funds | User transfers between linked accounts | Balance updated |
| Empty Account Balance | User attempts to withdraw from an empty account | Transaction denied, error message |
| Request Receipt | User requests a receipt after a transaction | Receipt printed |
| Session Timeout | User remains inactive beyond the timeout period | Session logged out, return to Welcome Screen |
| Change PIN | User changes PIN to a valid new PIN | PIN updated successfully |
| Block Card | User requests to block card due to theft | Card blocked, confirmation message displayed |
| Invalid Card | User inserts an expired or invalid card | Access denied, error message |
| Daily Withdrawal Limit | User attempts to withdraw after reaching daily limit | Transaction denied, error message |
| Deposit Funds | User deposits cash | Confirmation message displayed, balance updated |
| User Authentication | User enters correct card and PIN | Access granted |
| Failed Authentication | User fails to authenticate after multiple attempts | Account locked, error message |
| View Balance | User requests to view current balance | Balance displayed |
| Network Failure | ATM loses connection during a transaction | Transaction aborted, error message |
| Concurrent Transactions | Multiple users attempt transactions simultaneously | Each transaction processed independently |
| Check Transaction History | User checks transaction history | List of recent transactions displayed |
| Currency Selection | User selects a specific denomination for withdrawal | Cash dispensed in selected denomination |
| User Guidance Messages | System prompts user with guidance messages | Appropriate guidance messages displayed |
| Invalid Amount | User attempts to withdraw an invalid amount | Transaction denied, error message |

10. Vulnerabilities and Analysis
ATM systems, despite being critical components of the banking infrastructure, are often
vulnerable to various security risks. These vulnerabilities can lead to significant financial losses
and undermine customer trust. Analyzing these risks helps in implementing robust security
measures to protect both the bank and its customers. Below are some common vulnerabilities in
ATM applications and the analysis of potential threats:

10.1. Physical Security Risks


• Card Skimming: One of the most common threats involves the use of card skimmers,
which are devices attached to the card reader to capture card information. Attackers may
also use hidden cameras to record users entering their PINs.
• Tampering: ATMs can be physically tampered with, where criminals attach malicious
devices like fake keypads or PIN capture devices to steal sensitive information.
Analysis: To mitigate these risks, banks should regularly inspect ATMs for suspicious devices,
implement anti-skimming technology, and use encryption to secure data from the card reader to
the processing server.

10.2. Software Vulnerabilities


• Outdated Operating Systems: Many ATMs run on older operating systems like
Windows XP or Windows 7, which no longer receive security updates, making them
vulnerable to malware and exploits.
• Unpatched Software: Lack of timely updates or patches can leave the ATM application
open to known vulnerabilities that hackers can exploit to gain unauthorized access or
perform malicious activities.
Analysis: Regular software updates and patches are crucial to protect against new threats.
Implementing a robust patch management strategy ensures that the ATM software is secure
against the latest exploits.

10.3. Network Security Issues


• Man-in-the-Middle (MitM) Attacks: Attackers may intercept communication between
the ATM and the bank's server, capturing sensitive data such as account numbers and
PINs.
• Denial of Service (DoS) Attacks: A DoS attack on the network can disrupt ATM
services, making them unavailable to customers and potentially causing financial losses.
Analysis: Encrypting all data transmissions using secure protocols like TLS (Transport Layer
Security) can help prevent MitM attacks. Additionally, implementing network security measures
such as firewalls and intrusion detection systems (IDS) can protect against DoS attacks.

10.4. User Authentication Weaknesses
• Brute Force Attacks: Hackers may attempt to guess a user’s PIN using automated tools,
especially if the ATM application lacks mechanisms to detect and block such attempts.
• Weak PINs: Users may select easily guessable PINs, increasing the risk of unauthorized
access. Without measures like PIN retry limits, an attacker could potentially guess the
PIN through repeated attempts.
Analysis: To mitigate these risks, ATMs should enforce strong PIN policies and implement
account lockout mechanisms after a limited number of failed attempts. Multi-factor
authentication (MFA) can also add an extra layer of security.
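The retry limit and PIN policy described in 10.4, matching the three-attempt lockout of Test Case 2, can be modelled as below. This is an added example, not code from the project; `PinVerifier`, `is_weak_pin`, the in-memory store, the result strings and the `LOCK_SECONDS` value are assumptions.

```python
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 3        # Test Case 2: lock after three consecutive wrong PINs
LOCK_SECONDS = 15 * 60  # assumed duration; the report only says "temporarily"

def is_weak_pin(pin):
    """True for non-numeric or short PINs, repeated digits (0000), and runs (1234, 4321)."""
    if not (pin.isascii() and pin.isdigit() and len(pin) >= 4):
        return True
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({0}, {1}, {9})

class PinVerifier:
    """Server-side PIN check; the counter is per card, so it follows the card to any ATM."""

    def __init__(self, clock=time.monotonic):
        self._cards = {}
        self._clock = clock

    @staticmethod
    def _digest(pin, salt):
        # A 4-digit PIN has only 10,000 values, so hashing slows but cannot stop
        # offline guessing; the retry limit below is the control that matters online.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, card, pin):
        if is_weak_pin(pin):
            raise ValueError("PIN rejected by policy")
        salt = os.urandom(16)
        self._cards[card] = {"salt": salt, "digest": self._digest(pin, salt),
                             "failures": 0, "locked_until": 0.0}

    def verify(self, card, pin):
        rec = self._cards.get(card)
        if rec is None:
            return "DENIED"
        if self._clock() < rec["locked_until"]:
            return "LOCKED"          # refuse without even checking the PIN
        if hmac.compare_digest(self._digest(pin, rec["salt"]), rec["digest"]):
            rec["failures"] = 0
            return "GRANTED"
        rec["failures"] += 1
        if rec["failures"] >= MAX_ATTEMPTS:
            rec["failures"] = 0
            rec["locked_until"] = self._clock() + LOCK_SECONDS
            return "LOCKED"
        return "DENIED"
```

While a card is locked even the correct PIN returns `LOCKED`, so a guess made during the lock window reveals nothing about whether it was right.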

10.5. Insider Threats


• Unauthorized Access by Employees: Employees with access to ATM hardware or
software may misuse their privileges to perform fraudulent activities, such as installing
malware or stealing sensitive data.
• Access Control Weaknesses: Inadequate access control measures can allow
unauthorized personnel to access sensitive components of the ATM system.
Analysis: Implementing strict access controls, regular audits, and employee background checks
can help reduce the risk of insider threats. Role-based access control (RBAC) ensures that only
authorized personnel can perform critical tasks.

10.6. Logical Attacks


• Malware Infections: Hackers may infect ATMs with malware that captures card details
or manipulates the ATM to dispense cash (jackpotting attacks). Malware can be
introduced via USB ports or network vulnerabilities.
• Buffer Overflow Exploits: Attackers can exploit software vulnerabilities, such as buffer
overflow, to execute arbitrary code and gain control over the ATM application.
Analysis: Protecting ATMs from logical attacks requires disabling unused physical ports,
implementing endpoint protection, and conducting regular security assessments. Using
application whitelisting can prevent unauthorized software from running on the system.

Conclusion
While ATM systems are integral to modern banking, their vulnerabilities pose significant risks to
both financial institutions and customers. A comprehensive approach to security—including
physical safeguards, regular software updates, strong encryption, robust authentication methods,
and continuous monitoring—is essential to address these threats. By understanding and
mitigating these vulnerabilities, banks can enhance the security of their ATM networks, thereby
ensuring a safer and more reliable banking experience for users.
