An automated teller machine (ATM) is a computerized telecommunications device that provides the customers of a financial institution with access to financial transactions in a public space without the need for a human clerk or bank teller. On most modern ATMs, the customer is identified by inserting a plastic ATM card with a magnetic stripe or a plastic smartcard with a chip, that contains a unique card number and some security information, such as an expiration date or CVC (CVV). Security is provided by the customer entering a personal identification number (PIN). Using an ATM, customers can access their bank accounts in order to make cash withdrawals (or credit card cash advances) and check their account balances. ATMs are known by various casual terms including automated banking machine, money machine, cash machine, hole-in-the-wall, cashpoint or Bancomat (in Europe and Russia).
A mechanical cash dispenser was developed and built by Luther George Simjian and installed in 1939 in New York City by the City Bank of New York, but removed after 6 months due to the lack of customer acceptance. The ATM got smaller, faster and easier over the years.
Thereafter, the history of ATMs paused for over 25 years, until De La Rue developed the first electronic ATM, which was installed first in Enfield Town in North London on 27 June 1967 by Barclays Bank. This instance of the invention is credited to John Shepherd-Barron, although various other engineers were awarded patents for related technologies at the time. Shepherd-Barron was awarded an OBE in the 2005 New Year's Honours List.
The first person to use the machine was Reg Varney of "On the Buses" fame, a British Television program from the 1960s. The first ATMs accepted only a single-use token or voucher, which was retained by the machine. These worked on various principles including radiation and low-coercivity magnetism that was wiped by the card reader to make fraud more difficult.
The idea of a PIN stored on the card was developed by the British engineer James Goodfellow in 1965. However, the modern, networked ATM was invented in Dallas, Texas, by Don Wetzel in 1968. Wetzel was a department head at an automated baggage-handling company called Docutel. In 1995 the Smithsonian's National Museum of American History recognized Docutel and Wetzel as the inventors of the ATM. ATMs first came into wide UK use in 1973; the IBM 2984 was designed at the request of Lloyds Bank.
The 2984 CIT (Cash Issuing Terminal) was the first true Cashpoint, similar in function to today's machines; Cashpoint is still a registered trademark of Lloyds TSB in the U.K. All were online and issued a variable amount which was immediately deducted from the account. A small number of 2984s were supplied to a USA bank. Notable historical models of ATMs include the IBM 3624 and 473x series, Diebold 10xx and TABS 9000 series, and NCR 5xxx series.
As with any device containing objects of value, ATMs and the systems they depend on to function are the targets of fraud. Fraud against ATMs and people's attempts to use them takes several forms. The first known instance of a fake ATM was installed at a shopping mall in Manchester, Connecticut in 1993. By modifying the inner workings of a Fujitsu model 7020 ATM, a criminal gang known as The Bucklands Boys were able to steal information from cards inserted into the machine by customers.
In some cases, bank fraud could occur at ATMs whereby the bank accidentally stocks the ATM with bills in the wrong denomination, therefore giving the customer more money than should be dispensed.The result of receiving too much money may be influenced on the Card Holder Agreement in place between the customer and the Bank. In a variation of this, WAVY-TV reported an incident in Virginia Beach of September 2006 where a hacker who had probably obtained a factory-default admin password for a gas station's white label ATM caused the unit to assume it was loaded with $5 USD bills instead of $20s, enabling himself--and many subsequent customers--to walk away with four times the money they said they wanted to withdraw.
ATM behavior can change during what is called "stand-in" time, where the Bank's cash dispensing network is unable to access databases that contain account information (possibly for database maintenance). In order to give customers access to cash, customers may be allowed to withdraw cash up to a certain amount that may be less than their usual daily withdrawal limit, but may still exceed the amount of available money in their account, which could result in fraud.
In an attempt to prevent criminals from shoulder surfing the customer's PINs, some banks draw privacy areas on the floor. In an attempt to prevent criminals from shoulder surfing the customer's PINs, some banks draw privacy areas on the floor.
For a low-tech form of fraud, the easiest is to simply steal a customer's card. A later variant of this approach is to trap the card inside of the ATM's card reader with a device often referred to as a Lebanese loop. When the customer gets frustrated by not getting the card back and walks away from the machine, the criminal is able to remove the card and withdraw cash from the customer's account. Another simple form of fraud involves attempting to get the customer's bank to issue a new card and stealing it from their mail. Some ATMs may put up warning messages to customers to not use them when it detects possible tampering. Some ATMs may put up warning messages to customers to not use them when it detects possible tampering. The concept and various methods of copying the contents of an ATM card's magnetic stripe on to a duplicate card to access other people's financial information was well known in the hacking communities by late 1990.
In 1996 Andrew Stone, a computer security consultant from Hampshire in the UK was convicted of stealing in excess of £1 million Sterling (at the time equivalent to US$1.6 million) by pointing high definition video cameras at ATMs from a considerable distance, and by recording the card numbers, expiry dates, etc. from the embossed detail on the ATM cards along with video footage of the PINs being entered. After getting all the information from the videotapes, he was able to produce clone cards which not only allowed him to withdraw the full daily limit for each account, but also allowed him to sidestep withdrawal limits by using multiple copied cards. In court, it was shown that he could withdraw as much as £10,000 per hour by using this method. Stone was sentenced to five years and six months in prison.
By contrast, a newer high-tech modus operandi involves the installation of a magnetic card reader over the real ATM's card slot and the use of a wireless surveillance camera or a modified digital camera to observe the user's PIN. Card data is then cloned onto a second card and the criminal attempts a standard cash withdrawal. The availability of low-cost commodity wireless cameras and card readers has made it a relatively simple form of fraud, with comparatively low risk to the fraudsters.
In an attempt to stop these practices, countermeasures against card cloning have been developed by the banking industry, in particular by the use of smart cards which cannot easily be copied or spoofed by un-authenticated devices, and by attempting to make the outside of their ATMs tamper evident. Older chip-card security systems include the French Carte Bleue, Visa Cash, Mondex, Blue from American Express and EMV '96 or EMV 3.11. The most actively developed form of smart card security in the industry today is known as EMV 2000 or EMV 4.x. EMV is widely used in the UK (Chip and PIN) and parts of Europe, but when it is not available in a specific area, ATMs must fallback to using the easy to copy magnetic stripe to perform transactions. This fallback behaviour can be exploited. However the fallback option has been removed by several UK banks, meaning if the chip is not read, the transaction will be declined.
Tidak ada komentar:
Posting Komentar