ATM Risk Management and Controls - EuroJournals

More documents

Recommendations

Info

162 European Journal of Economics, Finance and Administrative Sciences - Issue 21 (2010) transactions”. The plastic card contains a magnetic stripe or a chip that contains a unique card number and some security information, such as an expiration date and card validation code (CVC). Kalakota and Whinston, (1996) mentioned that the financial services industry has been through 'structural and operational changes since the mid-1990s, and innovative use of new information technology, electronic commerce. Hamelink, (2000) indicated that these associated cost reductions are driving ongoing changes in banking New technology brings benefits and risks and new challenges for human governance of the developments. RCBC (2007), mentioned that authentication of the user is provided by the customer entering a personal identification number (PIN). Miranda F, Cosa R and Barriuso (2006), highlighted that customers transacting on these ATMs are guided by instructions displayed o the video screens. These ATMs normally dispense two or more denominations of paper money. Customer’s advice slips are automatically printed and dispensed except for balance enquires. All deposits have to be accounted for by the bank staff, before they are credited to customers’ accounts. Marcia Crosland of NCR Corp. (2010) indicated that aside from revenue generation and cost savings, ATMs are becoming the face of many financial institutions. For many consumers, ATMs are becoming the only interaction they have with their banks. In addition, ATMs are also becoming a competitive mark for many banks. Therefore, it is imperative to ensure that the customer's experience with the ATM is safe and secure. Mike Fenton (2000), mentioned that over the past three decades consumers have come to depend on and trust the ATM to conveniently meet their banking needs. In recent years there has been a proliferation of ATM frauds across the globe. Managing the risk associated with ATM fraud as well as diminishing its impact are important issues that face financial institutions as fraud techniques have become more advanced with increased occurrences. Diebold Inco. (2002) indicated that the ATM is only one of many electronic funds transfer (EFT) devices that are vulnerable to fraud attacks. Card theft, or the theft of card data, is the primary objective for potential thieves because the card contains all relevant account information needed to access an account. Recent global ATM consumer research indicates that one of the most important issues for consumers when using an ATM was personal safety and security. As financial institutions use the migration of cash transactions to self-service terminals as a primary method of increasing branch efficiencies, the ATM experience must be as safe and accommodating as possible for consumers. The industry has grave difficulty in measuring ATM fraud given the lack of a national classification, the secrecy surrounding such frauds, and the unfortunate fact that one cannot know the true cost of fraud until one is hit with it. Even low-cost solutions, such as customer awareness, challenge banks that fear scaring customers away from the ATM, or worse, into the doors of a competitor. ATMs Transactions in Malaysia 2000 – 2004 Automated Teller Machines 2000 2001 2001 2003 2004 Number of ATMs 3,944 4,161 4,213 5,241 5,565 Volume of cash withdrawals in (million) 146.1 174.9 193.5 215.6 264.3 Value of cash withdrawals (RM billion) 62.0 71.8 77.6 86.3 110.8 Bank Negara Malaysia 2004.Figures in 2000-2002 comprises domestic commercial banks, LIFBs, Islamic banks and finance companies. Figures in 2003-2004 include the DFLs. Figures in 2000-2003 represent transactions involving the domestic commercial banks ,LIFBs and finance companies. Figures include Islamic banks transactions. Number of EFTPOS Terminals MALAYSIA as at end of period 2004 2005 2006 2007 2008 2009 Unit International brand payment cards 1 n.a. 83,100 93,368 119,490 144,897 160,585 ATM card 2 n.a. 20,052 21,592 34,754 67,581 88,808
163 European Journal of Economics, Finance and Administrative Sciences - Issue 21 (2010) E-money 16,642 18,198 28,115 28,771 29,236 30,198 1 MasterCard, Visa, American Express and Diners Club 2 Domestic PIN-based debit card scheme n.a Not available Note: Data is collected on a quarterly basis Number of Cards/Users of Payment Instruments as at end of period 2004 2005 2006 2007 2008 2009 '000 Credit card 6,583.0 7,815.5 8,833.0 9,901.3 10,812.4 10,817.6 Charge card 286.3 244.5 272.1 245.6 285.6 285.2 Debit card 1 10,237.2 15,676.7 18,861.4 21,887.3 24,436.6 30,847.6 E-money 34,174.1 44,034.8 46,874.7 53,150.4 61,534.1 68,461.8 Includes international Brand debit card and ATM card Source: BNM Annual Report (2004 – 2009)* refers to commercial banks only, also excludes Islamic Banks Frauds at ATMs Diebold Inco. (2002), indicated that fraud at the ATM although more difficult than at a POS, has recently become more widespread. Recent occurrences of ATM fraud range from techniques such as shoulder surfing and card skimming to highly advanced techniques involving software tampering and/or hardware modifications to divert, or trap the dispensed currency. Recent Global ATM consumer research indicates that one of the most important issues for consumers when using an ATM was personal safety and security*. As financial institutions use the migration of cash transactions to self service terminals as a primary method of increasing branch efficiencies, the ATM experience must be as safe and accommodating as possible for consumers. The magazine (1991), published that the UK consumer Association reported a case pf phantom withdrawals. In 1989, 570 pounds was wrongly deducted from John Allans’ Bank of Scotland account. A total of 8 cash withdrawals were carried out, three of them when he was away with his card in Andorra. Complaining to the bank was fruitless and later Mr Allan was going to sue the bank of Scotland. The day before the case was due to come to court, the bank reached an out –of court settlement with him. The magazine concludes that this case marks a breakthrough because the bank acknowledged that money can get debited to a account without the use of the card plus the PIN. This risk exists in each product and service offered. The level of transaction risk is affected by the structure of the institution’s processing environment, including the types of services offered and the complexity of the processes and supporting technology. ISACA (2007), highlighted that the key to controlling transaction risk lies in adapting effective polices, procedures, and controls to meet the new risk exposures introduced by e-banking. Basic internal controls including segregation of duties, dual controls, and reconcilements remain important. Information security controls, in particular, become more significant requiring additional processes, tools, expertise, and testing. Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to the customer and to the institution and on the institution’s established risk tolerance level. There are three basic types of ATM attacks: • Attempts to steal a customer‘s bank card information; • Computer and Network attacks against ATM‘s to gather bank card information; • Physical attacks against the ATM. THEFT OF CUSTOMER‘S BANK CARD INFORMATION Card Skimming Fake ATM machines Card Trapping/Card Swapping
Page 1: European Journal of Economics, Fina
Page 5 and 6: 165 European Journal of Economics,
Page 11: 171 European Journal of Economics,

ATM Risk Management and Controls - EuroJournals

Create successful ePaper yourself

Delete template?

Save as template?