ATM Risk Management and Controls - EuroJournals
169 European Journal of Economics, Finance and Administrative Sciences - Issue 21 (2010)
For control purposes, the number of PINs generated must be confirmed against the
total number of applications approved.
It is recommended that the customer's PIN should not be displayed on the PIN mailer. For
control and security reasons, the PIN mailers should not have any direct reference or correlation to the
customer's account number or to the identity of the financial institution. The PIN must be scrambled or
encrypted if printed or displayed on terminal screens.
Other controls are as follows:
• Access controls and authorisation should be implemented for any addition, deletion or change to ATM transaction
details.
• Any changes to cardholder details should be authorised by the officer at the next level.
• Realistic maximum transaction and maximum daily total limits should be implemented for
ATM withdrawals.
• Printed receipts should be dispensed by the ATM for every ATM transaction.
• Every ATM transaction should be acknowledged by e-mail or a short message sent to the
mobile phone to confirm or alert the user that a transaction was performed.
3. Platform Controls
Controls to consider should include:
I. Encryption
II. Algorithm
III. Communication Controls
i. Communication protocols
ii. Encryption protocols etc.
Measures to Use if Fraud Does Occur at the ATMs
Unfortunately, losses and security breaches do occur. It is important to have a recovery procedure
that will identify whether losses occur through the ATMs. Normally insurance companies provide banks
with a Bankers Insurance Coverage, which includes losses that “the cover needed will vary depending
upon the risk”. It is important for financial institutions to have a straight loss control program in order
to fully protect their ATM customers and themselves. In addition to the Bankers Insurance cover there is also
computer crime insurance cover. This covers all transfers of funds which are lost as a result of a
fraudulent input into the system.
On its own, technology will never solve the problems of an inefficient and poorly managed
institution. At such an institution, technology may just automate problems and highlight inefficiencies.
ATMs require a high degree of additional control beyond those traditionally employed by financial
service providers. Institutions need to make sure they are able to track funds that have been deposited
into the ATMs but not yet accounted for in central accounts, as fraud or errors may be involved with the
deposit. When initiating new technologies such as offering financial services through ATMs,
institutions must be prepared to educate clients on the benefits and train them in the use of the new
technology. Failing to do so can reduce adoption rates and/or lead to a rejection of the technology by
the targeted clients.
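The tracking of funds deposited into the ATMs but not yet accounted for in central accounts, described above, can be run as a periodic reconciliation. The following Python code is an example added here, not taken from the paper; the record layout, the shared transaction reference, the finding names and the 24-hour posting window are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Deposit:
    ref: str           # hypothetical reference shared by ATM journal and ledger
    atm_id: str
    amount_minor: int  # amount in minor units (e.g. cents), avoids float rounding
    at: datetime       # time the ATM recorded the deposit

def reconcile(atm_journal, ledger_postings, now, max_age=timedelta(hours=24)):
    """Compare ATM-side deposit records with central-ledger postings.

    Returns a sorted list of (ref, finding) tuples. Findings:
      PENDING   - not posted yet, still inside the allowed window (assumed 24h)
      OVERDUE   - not posted and older than max_age: investigate
      MISMATCH  - posted, but the amount differs from the ATM record
      ORPHAN    - posted centrally with no ATM record behind it
      DUPLICATE - the same reference appears more than once in the ATM journal
    """
    posted = {ref: amount for ref, amount in ledger_postings}
    findings, seen = [], set()
    for d in atm_journal:
        if d.ref in seen:
            findings.append((d.ref, "DUPLICATE"))
            continue
        seen.add(d.ref)
        if d.ref not in posted:
            age = now - d.at
            findings.append((d.ref, "OVERDUE" if age > max_age else "PENDING"))
        elif posted[d.ref] != d.amount_minor:
            findings.append((d.ref, "MISMATCH"))
    findings += [(ref, "ORPHAN") for ref in posted if ref not in seen]
    return sorted(findings)

# Constructed sample data, not taken from the paper.
NOW = datetime(2010, 6, 2, 9, 0)
JOURNAL = [
    Deposit("D001", "ATM-01", 50_000, datetime(2010, 6, 1, 10, 0)),  # posted, matches
    Deposit("D002", "ATM-01", 20_000, datetime(2010, 5, 31, 8, 0)),  # never posted, 2 days old
    Deposit("D003", "ATM-02", 75_000, datetime(2010, 6, 2, 8, 30)),  # not posted yet, recent
    Deposit("D004", "ATM-02", 10_000, datetime(2010, 6, 1, 12, 0)),  # posted with other amount
    Deposit("D004", "ATM-02", 10_000, datetime(2010, 6, 1, 12, 0)),  # repeated journal entry
]
LEDGER = [("D001", 50_000), ("D004", 1_000), ("D999", 30_000)]

if __name__ == "__main__":
    for ref, finding in reconcile(JOURNAL, LEDGER, NOW):
        print(ref, finding)
```

OVERDUE, MISMATCH and ORPHAN findings are the ones that may indicate fraud or error and call for follow-up; PENDING items only need rechecking on the next run.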
Clients are often relationship oriented and enjoy person-to-person transactions. These
transactions build trust and familiarity, while automating processes can depersonalize services and
alienate clients. This must be considered and adequately planned for when switching from highly
personalized services to automated transactions.