ATM Risk Management and Controls - EuroJournals
163 European Journal of Economics, Finance and Administrative Sciences - Issue 21 (2010)
E-money 16,642 18,198 28,115 28,771 29,236 30,198
1 MasterCard, Visa, American Express and Diners Club
2 Domestic PIN-based debit card scheme
n.a Not available
Note: Data is collected on a quarterly basis
Number of Cards/Users of Payment Instruments ('000)
As at end of period      2004       2005       2006       2007       2008       2009
Credit card           6,583.0    7,815.5    8,833.0    9,901.3   10,812.4   10,817.6
Charge card             286.3      244.5      272.1      245.6      285.6      285.2
Debit card 1         10,237.2   15,676.7   18,861.4   21,887.3   24,436.6   30,847.6
E-money              34,174.1   44,034.8   46,874.7   53,150.4   61,534.1   68,461.8
Includes international Brand debit card and ATM card
Source: BNM Annual Report (2004 – 2009)
* refers to commercial banks only, also excludes Islamic Banks
Frauds at ATMs
Diebold Inc. (2002) indicated that fraud at the ATM, although more difficult than at a POS, has
recently become more widespread. Recent occurrences of ATM fraud range from techniques such as
shoulder surfing and card skimming to highly advanced techniques involving software tampering
and/or hardware modifications to divert or trap the dispensed currency.
Recent Global ATM consumer research indicates that one of the most important issues for
consumers when using an ATM was personal safety and security*. As financial institutions use the
migration of cash transactions to self-service terminals as a primary method of increasing branch
efficiencies, the ATM experience must be as safe and accommodating as possible for consumers.
The magazine (1991) published that the UK Consumer Association reported a case of phantom
withdrawals. In 1989, 570 pounds was wrongly deducted from John Allan's Bank of Scotland account.
A total of 8 cash withdrawals were carried out, three of them when he was away with his card in
Andorra. Complaining to the bank was fruitless, and Mr Allan was later going to sue the Bank of
Scotland. The day before the case was due to come to court, the bank reached an out-of-court
settlement with him. The magazine concludes that this case marks a breakthrough because the bank
acknowledged that money can get debited to an account without the use of the card plus the PIN.
This risk exists in each product and service offered. The level of transaction risk is affected by
the structure of the institution's processing environment, including the types of services offered and the
complexity of the processes and supporting technology.
ISACA (2007) highlighted that the key to controlling transaction risk lies in adapting effective
policies, procedures, and controls to meet the new risk exposures introduced by e-banking. Basic
internal controls, including segregation of duties, dual controls, and reconcilements, remain important.
Information security controls, in particular, become more significant, requiring additional processes,
tools, expertise, and testing. Institutions should determine the appropriate level of security controls
based on their assessment of the sensitivity of the information to the customer and to the institution and
on the institution's established risk tolerance level.
There are three basic types of ATM attacks:
• Attempts to steal a customer's bank card information;
• Computer and network attacks against ATMs to gather bank card information;
• Physical attacks against the ATM.
THEFT OF CUSTOMER'S BANK CARD INFORMATION
Card Skimming
Fake ATM machines
Card Trapping/Card Swapping