An automated teller machine (ATM), also known as a automated banking machine (ABM) or Cash Machine and by several other names (see below), is a computerized telecommunications device that provides the clients of a financial institution with access to financial transactions in a public space without the need for a cashier, human clerk or bank teller.
On most modern ATMs, the customer is identified by inserting a plastic ATM card with a magnetic stripe or a plastic smart card with a chip, that contains a unique card number and some security information such as an expiration date or CVVC (CVV). Authentication is provided by the customer entering a personal identification number (PIN).
Using an ATM, customers can access their bank accounts in order to make cash withdrawals, credit card cash advances, and check their account balances as well as purchase prepaid cellphone credit. If the currency being withdrawn from the ATM is different from that which the bank account is denominated in (e.g.: Withdrawing Japanese Yen from a bank account containing US Dollars), the money will be converted at a wholesale exchange rate. Thus, ATMs often provide the best possible exchange rate for foreign travelersand are heavily used for this purpose as well.
ATMs are known by various other names including automatic banking machine (or automated banking machine particularly in the United States) (ABM), automated transaction machine,cashpoint (particularly in the United Kingdom), money machine, bank machine, cash machine, hole-in-the-wall, autoteller (after the Bank of Scotland's usage), cashline machine (after the Royal Bank of Scotland's usage), MAC Machine (in the Philadelphia area), Bankomat (in various countries particularly in Europe and including Russia), Multibanco (after a registered trade mark, in Portugal), Minibank in Norway, Geld Automaat in Belgium and the Netherlands, and All Time Money in India.
Location
ATMs are placed not only near or inside the premises of banks, but also in locations such as shopping centers/malls, airports, grocery stores, petrol/gas stations, restaurants, or any place large numbers of people may gather. These represent two types of ATM installations: on and off premise. On premise ATMs are typically more advanced, multi-function machines that complement an actual bank branch's capabilities and thus more expensive. Off premise machines are deployed by financial institutions and also ISOs (or Independent Sales Organizations) where there is usually just a straight need for cash, so they typically are the cheaper mono-function devices. In Canada, when an ATM is not operated by a financial institution it is known as a "White Label ATM".
In North America, banks often have drive-thru lanes providing access to ATMs.
Many ATMs have a sign above them indicating the name of the bank or organization owning the ATM, and possibly including the list of ATM networks to which that machine is connected. This type of sign is called a topper.
Financial networks
Most ATMs are connected to interbank networks, enabling people to withdraw and deposit money from machines not belonging to the bank where they have their account or in the country where their accounts are held (enabling cash withdrawals in local currency). Some examples of interbank networks include PULSE, PLUS, Cirrus, Interac, Interswitch, STAR, and LINK.
ATMs rely on authorization of a financial transaction by the card issuer or other authorizing institution via the communications network. This is often performed through an ISO 8583 messaging system.
Many banks charge ATM usage fees. In some cases, these fees are charged solely to users who are not customers of the bank where the ATM is installed; in other cases, they apply to all users.
In order to allow a more diverse range of devices to attach to their networks, some interbank networks have passed rules expanding the definition of an ATM to be a terminal that either has the vault within its footprint or utilizes the vault or cash drawer within the merchant establishment, which allows for the use of a scrip cash dispenser.
A Diebold 1063ix with a dial-up modem visible at the base
ATM in Trogir, Croatia
ATMs typically connect directly to their host or ATM Controller via either ADSL or dial-up modem over a telephone line or directly via a leased line. Leased lines are preferable to POTS lines because they require less time to establish a connection. Leased lines may be comparatively expensive to operate versus a POTS line, meaning less-trafficked machines will usually rely on a dial-up modem. That dilemma may be solved as high-speed Internet VPN connections become more ubiquitous. Common lower-level layer communication protocols used by ATMs to communicate back to the bank include SNA over SDLC, TC500 over Async, X.25, and TCP/IP over Ethernet.
In addition to methods employed for transaction security and secrecy, all communications traffic between the ATM and the Transaction Processor may also be encrypted via methods such as SSL.
Hardware
An ATM is typically made up of the following devices:
CPU (to control the user interface and transaction devices)
Magnetic and/or Chip card reader (to identify the customer)
PIN Pad (similar in layout to a Touch tone or Calculator keypad), often manufactured as part of a secure enclosure.
Secure cryptoprocessor, generally within a secure enclosure.
Display (used by the customer for performing the transaction)
Function key buttons (usually close to the display) or a Touchscreen (used to select the various aspects of the transaction)
Record Printer (to provide the customer with a record of their transaction)
Vault (to store the parts of the machinery requiring restricted access)
Housing (for aesthetics and to attach signage to)
Recently, due to heavier computing demands and the falling price of computer-like architectures, ATMs have moved away from custom hardware architectures using microcontrollers and/or application-specific integrated circuits to adopting the hardware architecture of a personal computer, such as, USB connections for peripherals, ethernet and IP communications, and use personal computer operating systems. Although it is undoubtedly cheaper to use commercial off-the-shelf hardware, it does make ATMs potentially vulnerable to the same sort of problems exhibited by conventional computers.
Business owners often lease ATM terminals from ATM service providers.
Two Loomis employees refilling an ATM at the Downtown Seattle REI.
The vault of an ATM is within the footprint of the device itself and is where items of value are kept. Scrip cash dispensers do not incorporate a vault.
Mechanisms found inside the vault may include:
Dispensing mechanism (to provide cash or other items of value)
Deposit mechanism including a Check Processing Module and Bulk Note Acceptor (to allow the customer to make deposits)
Security sensors (Magnetic, Thermal, Seismic, gas)
Locks: (to ensure controlled access to the contents of the vault)
Journaling systems; many are electronic (a sealed flash memory device based on proprietary standards) or a solid-state device (an actual printer) which accrues all records of activity including access timestamps, number of bills dispensed, etc. - This is considered sensitive data and is secured in similar fashion to the cash as it is a similar liability.
ATM vaults are supplied by manufacturers in several grades. Factors influencing vault grade selection include cost, weight, regulatory requirements, ATM type, operator risk avoidance practices, and internal volume requirements.
Software
With the migration to commodity PC hardware, standard commercial "off-the-shelf" operating systems and programming environments can be used inside of ATMs. Typical platforms previously used in ATM development include RMX or OS/2. Today the vast majority of ATMs worldwide use a Microsoft OS, primarily Windows XP Professional or Windows XP Embedded.
A small number of deployments may still be running older versions such as Windows NT, Windows CE or Windows 2000. Notably, Vista was not widely adopted in ATMs.
Linux is also finding some reception in the ATM marketplace. An example of this is Banrisul, the largest bank in the south of Brazil, which has replaced the MS-DOS operating systems in its ATMs with Linux. Banco do Brasil is also migrating ATMs to Linux.
Common application layer transaction protocols, such as Diebold 91x (911 or 912) and NCR NDC or NDC+ provide emulation of older generations of hardware on newer platforms with incremental extensions made over time to address new capabilities, although companies like NCR continuously improve these protocols issuing newer versions (e.g. NCR's AANDC v3.x.y, where x.y are subversions). Most major ATM manufacturers provide software packages that implement these protocols. Newer protocols such as IFX have yet to find wide acceptance by transaction processors.
With the move to a more standardized software base, financial institutions have been increasingly interested in the ability to pick and choose the application programs that drive their equipment. WOSA/XFS, now known as CEN XFS (or simply XFS), provides a common API for accessing and manipulating the various devices of an ATM. J/XFS is a Java implementation of the CEN XFS API.
Security
Security, as it relates to ATMs, has several dimensions. ATMs also provide a practical demonstration of a number of security systems and concepts operating together and how various security concerns are dealt with.
No comments:
Post a Comment