The world's first automated teller machine (ATM) went into operation in Enfield Town, England, a borough of London, at Barclays Bank on Jun. 27, 1967. This initial ATM invention is generally credited to John Shepherd-Barron, although George Simjian registered patents in the United States in the 1930s and Don Wetzel and two other engineers from Docutel obtained a patent on an ATM on Jun. 4, 1973.
In its initial and early reiterations, an ATM could only be used by customers possessing a checking or savings accounts with the bank where the ATM was located using a proprietary ATM network. By the early 1980s, banks began to take advantage of improvements in telecommunications technology to form shared ATM networks allowing customers of one bank in the network to withdraw money by using ATMs of other banks in the network. Most modem ATMs are linked to interbank networks that enable customers to withdraw money from ATMs not belonging to the bank possessing their account. This is a tremendous convenience for people travelling and can not make withdrawals in places where one's bank has no branches or for customers with odd working hours.
In modem ATMs networks, customers authenticate themselves using a plastic card with a magnetic stripe, very similar to a credit card, encoded with the customer's account number. The customer can then access their account by entering a numeric passcode called a PIN (personal identification number), which in some cases may be changed using the machine. ATMs generally authorize and perform a transaction by communicating with the card issuer or other authorizing institution using the communications network. Because of the added convenience and desire of customers and consumers, there is now now a flourishing business of placing ATMs in grocery stores, malls, and other locations separate and apart from banks connected to the interbanking network so that customers can access their accounts for withdrawals.
ATMs are very reliable, but if they do malfunction typically the greatest harm to a customers is not being able to obtain cash until they can get to the bank during operating hours. Some errors are not to the detriment of customers since there have been cases of machines giving out money without debiting the account or dispensing higher value notes because of incorrect cash denominations loaded into the money storage cassettes. Errors that can occur may be mechanical (e.g card mechanisms, keypads, hard disk failures, memory problems, etc.); software (e.g. operating system, device driver, application, or malicious attack, etc.); communications (e.g. severed link, overload, etc); or operator error.
To ensure confidentiality and the security of customers' accounts, ATMs contain secure crypto processors implemented in a variety of ways, The security of the machine relies on the integrity of the secure crypto processor because the host software often runs on a standard operating system such as Windows or Linux. ATMs may operate on embedded processor circuit boards with custom operating systems or on personal computers using standard operating systems such as Windows 2000 or XP and Linux. Other software platforms include RMX 86, OS/2 and Windows 98 bundled with Java.
ATMs are being targeted by increasingly sophisticated attacks aimed at compromising the accepted security protocol of a magnetic stripe card coupled with a PIN. ATM transactions are usually encrypted with DES (data encryption system) or Triple DES. The plaintext PIN never leaves the PED (Pin Encryption Device) to travel unsecured within the ATM or over the banks' communication network and is generally encrypted by electronic computer circuitry located in close proximity to the PED. “Phantom withdrawals” from ATMs are a somewhat mysterious phenomeon which in the past banks have tended to ascribe to fraud by customers. However, it has become increasingly obvious that many such phantom withdrawals are the result of criminal activity undertaken by sophisticated thieves exploiting vulnerabilities in the current generation of ATMs. There have been incidents of fraud where criminals have used fake machines or have attached fake keypads or card readers to existing machines. These have then been used to record customers' PIN and bank card account details in order to gain unauthorised access to the accounts.
Past efforts to secure PINs have not been successful and banks and credit card companies are seeing increasing losses because of increasingly sophisticated ATM fraud that amounts to about $50 million a year in the U.S. alone. A variety of methods for cloning or stealing victim's ATM and credit cards along with their associated PIN have developed over the years.
One older technique used by a thief to compromise a card and PIN is to install a magstripe reader to the mouth of the machine's real reader designed to look like part of the machine. The reader skims each customer's card as it slides in copying the encoded card information. To obtain the PIN thieves attached fake PIN pads over the real PED that stores the keystrokes without interfering with the ATM's normal operation. They can then create a phony card later and use the PIN to access the account.
Newer techniques use skimmer devices for obtaining card encoded data installed directly over the real card input slot on the ATM so that any card inserted into the ATM is scanned and the encoded card information read and stored. These skimming devices can capture and store account number information, account balances, and verification codes that can then be copied onto a counterfeit card.
Even newer methods for obtaining the PINs have focused on sophisticated methods to tap the current generation of PEDs. “Tapping” or “wiretapping” consists of the unauthorized electronic monitoring of a signal (voice or digital) transmitted over a communication or computer circuit. A monitoring device capturing this signal and data is a “tap.” Generally, a tap usually attaches to a phoneline or junction box or inside a phone, modem or computer. However, in the context of an ATM, a tap must be placed in close proximity to a PED because usually a PIN input is encrypted by electronic components within a very short physical distance measured in inches from the PED. These older generation PEDs can be vulnerable to taps because a cable runs from the PED to the ATM's internal encryption circuitry.
In one method for tapping a PED, the individual keycaps are opened to insert a small sensor/transmitter under the keypad. Whenever the keypad is depressed, a signal is transmitted to a receiver that records the PIN. Another technique is to remove the front face of the PED and attach another front face that records PIN inputs. A thief can also tap into the communication link from the keypad inputs of the PED to obtain a PIN before the electronic signals representing the PIN are processed and encrypted. Yet another method is to remove the PED and insert a thin overlay tap between the key pads and the key sensors that detect and transmit a signal when depressed. Another option is to implant a tap to download cryptographic data or monitor plain text PIN inputs and corresponding encrypting PIN data for later analysis. There is a need for a secured PED design that resists attempts to tap or otherwise tamper with the PED to compromise the PIN or other confidential information.