ATM Risk Management and Controls - EuroJournals
ATM Risk Management and Controls - EuroJournals
ATM Risk Management and Controls - EuroJournals
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
164 European Journal of Economics, Finance <strong>and</strong> Administrative Sciences - Issue 21 (2010)<br />
Distraction theft or ‘manual’ skimming<br />
Shoulder Surfing<br />
Leaving transaction ‘Live’<br />
Cash trapping<br />
COMPUTER AND NETWORK ATTACKS<br />
Network attacks against <strong>ATM</strong>s<br />
Viruses <strong>and</strong> malicious software<br />
Phishing<br />
PIN cash-out attacks<br />
Utilizing a Fake PIN pad overlay<br />
PIN Interception<br />
PHYSICAL <strong>ATM</strong> ATTACKS<br />
Ram Raid Attacks<br />
Theft of <strong>ATM</strong>s<br />
Smash <strong>and</strong> Grab of <strong>ATM</strong>s<br />
Safe cutting/Safe Breaking<br />
Explosive Attacks<br />
The other most common cash dispenser fraud has become known as the "Lebanese loop"<br />
because criminals of Lebanese origin apparently first used it. This has many variations but usually<br />
involves the cash machine being tampered with so that your card is not returned to you <strong>and</strong> is then<br />
removed by the criminals: alternatively if you get your card back a device has recorded the details of<br />
your magnetic stripe. The crooks have also captured your PIN number though some variation of<br />
shoulder surfing. It is this problem that has led to banks putting posters <strong>and</strong> other warnings on <strong>ATM</strong>s<br />
advising customers to visually inspect the machine to see if it has been altered or tampered with.<br />
Types of Errors<br />
So far the <strong>ATM</strong>s have been the most widely spread application of electronic banking. There are various<br />
types of errors which can occur due to mechanical failure at the <strong>ATM</strong> terminal leading to the following<br />
problems:-<br />
• <strong>ATM</strong> dispenses less cash to the customer but the account is debited correctly.<br />
• The customer’s account is debited twice but the cash is only dispensed once by the <strong>ATM</strong>.<br />
• The customer’s account is debited but the cash is not dispensed by the <strong>ATM</strong>.<br />
Normally errors can occur at any time, even when the <strong>ATM</strong> accepts cash <strong>and</strong> cheques deposits.<br />
There have also been cases of phantom withdrawals <strong>and</strong> the card-holder denying being responsible for<br />
those cash withdrawals, although the computer records showed that a genuine transaction had taken<br />
place.<br />
Reputational <strong>Risk</strong>s<br />
This is considerably heightened for banks using the Internet. For example the Internet allows for the<br />
rapid dissemination of information which means that any incident, either good or bad, is common<br />
knowledge within a short space of time. The speed of the Internet considerably cuts the optimal<br />
response times for both banks <strong>and</strong> regulators to any incident.<br />
Any problems encountered by one firm in this new environment may affect the business of<br />
another, as it may affect confidence in the Internet as a whole. There is therefore a risk that one rogue<br />
e-bank could cause significant problems for all banks providing services via the Internet. This is a new<br />
type of systemic risk <strong>and</strong> is causing concern to e-banking providers. Overall, the Internet puts an<br />
emphasis on reputational risks. Banks need to be sure those customers’ rights <strong>and</strong> information needs<br />
are adequately safeguarded <strong>and</strong> provided for.