ATM Risk Management and Controls - EuroJournals

European Journal of Economics, Finance and Administrative Sciences 

ISSN 1450-2275 Issue 21 (2010) 

© EuroJournals, Inc. 2010 

http://www.eurojournals.com 

ATM Risk Management and Controls 

Devinaga Rasiah 

Lecturer, multimedia university (Malacca Campus), Malaysia 

E-mail: devinaga.rasiah@mmu.edu.my 

Abstract 

The aim of this study is to investigate risk management, security and controls in the 

context of Automated teller machines (ATMs). In doing so, it adopts a non-technical 

approach by investigating the interrelationship and effect of risk management and controls 

in setting Automated Teller Machine security goals. The literature explores and discusses 

the risk management and different controls of ATMs. To reduce the risk of fraudulent 

activity, several controls can be integrated into the ATM processing environment. 

However, the controls should not be considered a cure-all. 

Keywords: ATMs, data security, risk, fraud, electronic banking, and controls. 

ATM 

An automated teller machine (also known as an ATM or Cash Machine), is a computerized device that 

provides the customers of a financial institution with the ability to perform financial transactions 

without the need for a human clerk or bank teller. 

Crime at ATM’s has become a nationwide issue that faces not only customers, but also bank 

operators. Security measures at banks can play a critical, contributory role in preventing attacks on 

customers. These measures are of paramount importance when considering vulnerabilities and 

causation in civil litigation and banks must meet certain standards in order to ensure a safe and secure 

banking environment for their customers. 

The Automated Teller machine is a terminal provided by bank or other financial institutions 

which enables the customer to withdraw cash to make a balance enquiry, to order a statement, to make 

a money transfer, or deposit cash. The ATMs are basically self-service banking terminals and are 

aimed at providing fast and convenient service to customers. 

Some of the new generations of ATMs are able to cash a check to the penny, dispense 

traveller’s cheques and postage stamps, perform stock transfers, print discount coupons, issue phone 

cards, and even sell concert tickets. Customers are grateful for these ATM features but they are also 

very concerned with ATM crime and safety. 

Background Studies 

ATMs are generally designed for through-the –wall operations as well for use in lobbies. The Banker’s 

magazine, September (1983), indicated that the ATMs provided convenient bank access to customers 

accounts 24 hours a day, seven days a week including public holidays. The lobby machines which are 

installed in the banking lobbies are only operational during banking hours. James Essinger (1987) 

indicated that “ATM machines allow banks customers who have been issued with a card and a six digit 

secret number known as a PIN number (Personal identification number) to perform their own banking

162 European Journal of Economics, Finance and Administrative Sciences - Issue 21 (2010) 

transactions”. The plastic card contains a magnetic stripe or a chip that contains a unique card number 

and some security information, such as an expiration date and card validation code (CVC). 

Kalakota and Whinston, (1996) mentioned that the financial services industry has been through 

'structural and operational changes since the mid-1990s, and innovative use of new information 

technology, electronic commerce. Hamelink, (2000) indicated that these associated cost reductions are 

driving ongoing changes in banking New technology brings benefits and risks and new challenges for 

human governance of the developments. 

RCBC (2007), mentioned that authentication of the user is provided by the customer entering a 

personal identification number (PIN). Miranda F, Cosa R and Barriuso (2006), highlighted that 

customers transacting on these ATMs are guided by instructions displayed o the video screens. These 

ATMs normally dispense two or more denominations of paper money. Customer’s advice slips are 

automatically printed and dispensed except for balance enquires. All deposits have to be accounted for 

by the bank staff, before they are credited to customers’ accounts. 

Marcia Crosland of NCR Corp. (2010) indicated that aside from revenue generation and cost 

savings, ATMs are becoming the face of many financial institutions. For many consumers, ATMs are 

becoming the only interaction they have with their banks. In addition, ATMs are also becoming a 

competitive mark for many banks. Therefore, it is imperative to ensure that the customer's experience 

with the ATM is safe and secure. 

Mike Fenton (2000), mentioned that over the past three decades consumers have come to 

depend on and trust the ATM to conveniently meet their banking needs. In recent years there has been 

a proliferation of ATM frauds across the globe. Managing the risk associated with ATM fraud as well 

as diminishing its impact are important issues that face financial institutions as fraud techniques have 

become more advanced with increased occurrences. 

Diebold Inco. (2002) indicated that the ATM is only one of many electronic funds transfer 

(EFT) devices that are vulnerable to fraud attacks. Card theft, or the theft of card data, is the primary 

objective for potential thieves because the card contains all relevant account information needed to 

access an account. 

Recent global ATM consumer research indicates that one of the most important issues for 

consumers when using an ATM was personal safety and security. As financial institutions use the 

migration of cash transactions to self-service terminals as a primary method of increasing branch 

efficiencies, the ATM experience must be as safe and accommodating as possible for consumers. 

The industry has grave difficulty in measuring ATM fraud given the lack of a national 

classification, the secrecy surrounding such frauds, and the unfortunate fact that one cannot know the 

true cost of fraud until one is hit with it. Even low-cost solutions, such as customer awareness, 

challenge banks that fear scaring customers away from the ATM, or worse, into the doors of a 

competitor. 

ATMs Transactions in Malaysia 2000 – 2004 

Automated Teller Machines 2000 2001 2001 2003 2004 

Number of ATMs 3,944 4,161 4,213 5,241 5,565 

Volume of cash withdrawals in (million) 146.1 174.9 193.5 215.6 264.3 

Value of cash withdrawals (RM billion) 62.0 71.8 77.6 86.3 110.8 

Bank Negara Malaysia 2004.Figures in 2000-2002 comprises domestic commercial banks, LIFBs, Islamic banks and 

finance companies. Figures in 2003-2004 include the DFLs. Figures in 2000-2003 represent transactions involving the 

domestic commercial banks ,LIFBs and finance companies. Figures include Islamic banks transactions. 

Number of EFTPOS Terminals MALAYSIA 

as at end of period 2004 2005 2006 2007 2008 2009 

Unit 

International brand payment cards 1 n.a. 83,100 93,368 119,490 144,897 160,585 

ATM card 2 n.a. 20,052 21,592 34,754 67,581 88,808


E-money 16,642 18,198 28,115 28,771 29,236 30,198 

1 MasterCard, Visa, American Express and Diners Club 

2 Domestic PIN-based debit card scheme 

n.a Not available 

Note: Data is collected on a quarterly basis 

Number of Cards/Users of Payment Instruments 

as at end of period 2004 2005 2006 2007 2008 2009 

'000 

Credit card 6,583.0 7,815.5 8,833.0 9,901.3 10,812.4 10,817.6 

Charge card 286.3 244.5 272.1 245.6 285.6 285.2 

Debit card 1 10,237.2 15,676.7 18,861.4 21,887.3 24,436.6 30,847.6 

E-money 34,174.1 44,034.8 46,874.7 53,150.4 61,534.1 68,461.8 

Includes international Brand debit card and ATM card 

Source: BNM Annual Report (2004 – 2009)* refers to commercial banks only, also excludes Islamic Banks 

Frauds at ATMs 

Diebold Inco. (2002), indicated that fraud at the ATM although more difficult than at a POS, has 

recently become more widespread. Recent occurrences of ATM fraud range from techniques such as 

shoulder surfing and card skimming to highly advanced techniques involving software tampering 

and/or hardware modifications to divert, or trap the dispensed currency. 

Recent Global ATM consumer research indicates that one of the most important issues for 

consumers when using an ATM was personal safety and security*. As financial institutions use the 

migration of cash transactions to self service terminals as a primary method of increasing branch 

efficiencies, the ATM experience must be as safe and accommodating as possible for consumers. 

The magazine (1991), published that the UK consumer Association reported a case pf phantom 

withdrawals. In 1989, 570 pounds was wrongly deducted from John Allans’ Bank of Scotland account. 

A total of 8 cash withdrawals were carried out, three of them when he was away with his card in 

Andorra. Complaining to the bank was fruitless and later Mr Allan was going to sue the bank of 

Scotland. The day before the case was due to come to court, the bank reached an out –of court 

settlement with him. The magazine concludes that this case marks a breakthrough because the bank 

acknowledged that money can get debited to a account without the use of the card plus the PIN. 

This risk exists in each product and service offered. The level of transaction risk is affected by 

the structure of the institution’s processing environment, including the types of services offered and the 

complexity of the processes and supporting technology. 

ISACA (2007), highlighted that the key to controlling transaction risk lies in adapting effective 

polices, procedures, and controls to meet the new risk exposures introduced by e-banking. Basic 

internal controls including segregation of duties, dual controls, and reconcilements remain important. 

Information security controls, in particular, become more significant requiring additional processes, 

tools, expertise, and testing. Institutions should determine the appropriate level of security controls 

based on their assessment of the sensitivity of the information to the customer and to the institution and 

on the institution’s established risk tolerance level. 

There are three basic types of ATM attacks: 

• Attempts to steal a customer‘s bank card information; 

• Computer and Network attacks against ATM‘s to gather bank card information; 

• Physical attacks against the ATM. 

THEFT OF CUSTOMER‘S BANK CARD INFORMATION 

Card Skimming 

Fake ATM machines 

Card Trapping/Card Swapping


Distraction theft or ‘manual’ skimming 

Shoulder Surfing 

Leaving transaction ‘Live’ 

Cash trapping 

COMPUTER AND NETWORK ATTACKS 

Network attacks against ATMs 

Viruses and malicious software 

Phishing 

PIN cash-out attacks 

Utilizing a Fake PIN pad overlay 

PIN Interception 

PHYSICAL ATM ATTACKS 

Ram Raid Attacks 

Theft of ATMs 

Smash and Grab of ATMs 

Safe cutting/Safe Breaking 

Explosive Attacks 

The other most common cash dispenser fraud has become known as the "Lebanese loop" 

because criminals of Lebanese origin apparently first used it. This has many variations but usually 

involves the cash machine being tampered with so that your card is not returned to you and is then 

removed by the criminals: alternatively if you get your card back a device has recorded the details of 

your magnetic stripe. The crooks have also captured your PIN number though some variation of 

shoulder surfing. It is this problem that has led to banks putting posters and other warnings on ATMs 

advising customers to visually inspect the machine to see if it has been altered or tampered with. 

Types of Errors 

So far the ATMs have been the most widely spread application of electronic banking. There are various 

types of errors which can occur due to mechanical failure at the ATM terminal leading to the following 

problems:- 

• ATM dispenses less cash to the customer but the account is debited correctly. 

• The customer’s account is debited twice but the cash is only dispensed once by the ATM. 

• The customer’s account is debited but the cash is not dispensed by the ATM. 

Normally errors can occur at any time, even when the ATM accepts cash and cheques deposits. 

There have also been cases of phantom withdrawals and the card-holder denying being responsible for 

those cash withdrawals, although the computer records showed that a genuine transaction had taken 

place. 

Reputational Risks 

This is considerably heightened for banks using the Internet. For example the Internet allows for the 

rapid dissemination of information which means that any incident, either good or bad, is common 

knowledge within a short space of time. The speed of the Internet considerably cuts the optimal 

response times for both banks and regulators to any incident. 

Any problems encountered by one firm in this new environment may affect the business of 

another, as it may affect confidence in the Internet as a whole. There is therefore a risk that one rogue 

e-bank could cause significant problems for all banks providing services via the Internet. This is a new 

type of systemic risk and is causing concern to e-banking providers. Overall, the Internet puts an 

emphasis on reputational risks. Banks need to be sure those customers’ rights and information needs 

are adequately safeguarded and provided for.


Management Risk Analysis 

Management risk analysis identifies the nature of risk involved in detail. This evaluation helps the 

financial institution to decide whether it is necessary to have controls to overcome losses which may 

arise from various risks associated with the ATMs. A plan is normally formulated as to how these 

ATM risks are going to be identified, what methods are going to be used to overcome these 

risks/threats, and, if a fraud or a misuse should occur, how much loss is expected and how Bank is 

going to recover. 

This is the highest risk category that requires the strongest controls since online transactions are 

often irrevocable once executed. The bank’s internet systems may be exposed to internal or external 

attacks if controls are inadequate. A heightened element of risk is that attacks against internet systems 

do not require physical presence at the site being attacked. At times, it is not even clear or detectable as 

to when and how attacks are launched from multiple locations in different countries 

In view of the proliferation and diversity of cyber attacks, banks should implement two-factor 

authentication at login for all types of internet banking systems and for authorising transactions. The 

principal objectives of two-factor authentication are to protect the confidentiality of customer account 

data and transaction details as well as enhance confidence in internet banking by combating phishing, 

key logging, spyware, malware, middleman attacks and other internet-based scams and malevolent 

exploits targeted at banks and their customers. 

Two factor authentications for system login and transaction authorisation can be based on any 

two of the following factors: 

• What you know (eg. Personnel Identification Number) 

• What you have (eg. One Time Password token) 

• Who you are (eg. Biometrics) comprises methods for uniquely recognizing humans 

based upon one or more intrinsic physical traits 

Risk analysis provides the financial institution with variable information as to how much 

investment it should make to enhance the security and controls of its ATM installation. 

The EDP Audit Control and Security Newsletter (March 1991) indicated that risk analysis involves 4 

steps. 

• Reviewing the existing ATM centre environment 

• Identifying the critical information processing of ATM applications 

• Estimating the value of the ATM assets used by these application that must be 

protected 

• Quantifying the estimated loss associated with the occurrence of a fraudulent misuse 

of cards of unauthorised withdrawals etc. 

Reviewing the Existing Operation of the ATM Installation 

It is essential that management identify all the various hazards to which ATM centre is exposed, 

including natural disasters or otherwise. The management normally identifies the controls that are in 

operation that are to reduce the possible impact of these risks/threats. Controls of all kinds which are 

applicable to the Automated Teller Machine must be identified. 

Even though the existing ATM controls may appear to be in operation, the management must 

make sure that maintenance is preformed to ensure that the controls will be effective in the event of a 

fraud or misuse. John Page and Paul Hooper (1987) indicated that compliance testing is used to 

determine the following: 

• To determine whether the necessary controls are in place. 

• To provide reasonable assurance that the controls are functioning properly 

• To document when, how, and by whom, the controls are preformed. 

The management may recommend that some of these controls be changed, implement or 

modified in ways that minimize the relevant risks and the exposure associated with them.


ATM Risk Management 

ATM risk management is a ongoing process of identifying, monitoring and managing potential risk 

exposure considering as ATMs relates to payment systems. The following should be considered:- 

• General Supervision 

• Transaction Processing 

• System administration 

Identifying the Various Areas 

The management can identify the major area of risks by doing an analysis or statistical sampling of the 

information given below. They should be able to form an opinion from this information below:- 

a) Total number of ATM’s and their usage. 

b) Time logged on/Settlement time. 

c) Number of Cardholders. 

d) Number of Transactions, e.g. Withdrawals and transfers etc. 

e) Total amount withdrawn of transferred etc. 

f) Number of ATM reports generated etc. and may more areas. 

g) Overall review of ATM management resources etc. 

Only after management have identified these areas can the controls be increased, changed or 

modified. It is important to determine a reasonable estimate of the overall value of the ATM 

installation. Care should also be taken in determining the value of the installed software. 

Estimating the ATM Loss 

Estimating losses can be difficult, Dr Catherine P Smith (1987) indicated “that normally the loss could 

be due to human error, technical error or deliberate action such as fraud, misuse or unauthorised use of 

the ATM card etc.” Most financial institutions treat ATM losses unless it is major as a small loss 

unless it is a major fraud. Normally the loss is only a very small percentage when compared to the 

overall volume and amount transacted within the bank. Alvin A, Arens and James K Loebbecke ( 

1988) indicated “that it is not possible to establish my dollar- value guidelines as it depends on a 

number of factors which the management analyses and forms a decision”. 

Upon management identifying the risks, audit techniques can be used to evaluate the 

consequences of fraud or misuse at the ATM prior to recommending improved controls. 

There are several exposures to losses inherent in an ATM installation, e.g. exposure occurs 

when a customer transfers funds over communication links; customer’s financial data are subjected to 

fraudulent interception at many points. 

What should be done is to find a way to reduce risks and threats to an acceptable level and to 

provide a method of recovery of ATM losses. 

ATM Security Measures 

Normally security measures are divided into 2 groups. Firstly to reduce the losses at the ATM and 

secondly to find a way to fund or recover these losses.


Measures to Reduce the Losses 

a). The ATM Audit Log 

The ATM audit log provides information that is recorded after the incident. The ATM audit log is 

useful as it identifies and diagnoses security violation. It traces figures contained in a report back to the 

point of processing and from processing to the source of the input. 

b). Encryption 

Encryption is an effective technique for protecting the ATM system. This technique is to make 

intercepted data useless to the interceptor by making it too difficult or too expensive to decipher. This 

means there is little risk if disclosure. 

c). Software Auditing 

R.M Richards and J. Yestingsmer (1986) indicated that “software audit techniques include a review of 

program listing, use to test input/output data with expected results and auditing of the ATM system 

processing program using error detectors built into the system. Tracing is software used by the auditor 

to identify which instructions were used in a program and in what order”. The advantage is that it helps 

to analyse the way in which the ATM program operates. 

Software auditing provides system integrity to management and also provides an opportunity 

for management to identify security and control weakness. There are several good security packages 

that can monitor an ATM software execution to detect possible tampering with the programs. 

These ATM utility programs provide the opportunity for management to examine that the ATM 

programs are being properly executed and are not being overridden or by-passed. By using the audit 

software, frauds and misuses can be detected in a timely manner. 

Controls 

In general the process should ensure Confidentiality, Integrity and Availability (CIA). This 

requirement should be addressed with controls implemented at different levels of the ATM 

implementation, such as General Application controls, business process controls, applications controls 

and Platform controls. 

1. General ATM Operation and Organisation Controls 

The operation and organisational controls are designed to ensure that functions are segregated among 

individuals. There are two main important elements in an ATM system; firstly the magnetic card and 

secondly the PINs. Making of the PINs is not to be carried out by people who are processing the cards. 

Miklos A Vasarhelyi and Thomas W Lin (1988) indicated that “there should be segregation” in order 

to limit an individual to only one interface with the system. 

Most ATM systems rely heavily on programmed controls within the ATM system software; 

hence it is important to separate the system development individuals, e.g 

To separate:- 

• application testing from systems design and programming and 

• System software programming from application programming. 

Risks/Threats 

• Mailed cards being intercepted before reaching the authorised address. 

• Uncollected cards not only take up valuable space for storage but also pose a security risk to the 

bank through fraudulent use of these cards by bank staff.


• Retained cards – these ATM cards pose an even greater risk, if they fall into the wrong hands 

and are misused. 

• Inadequate supervision of embossing of the card. 

• Stolen cards not being reported immediately 

• Stocks of blank cards could lead to unauthorised cards being issued leading to fraud. 

2. Business Process Controls 

In general no one person should handle all the transactions. This can be achieved by proper segregation 

of duties. Appropriate control should be included during reconciliation, verification of withdrawals and 

date/time of transactions was completed. 

Application Close supervision is necessary within the embossing department, where control on 

card issuance should be rigorous after embossing. Furthermore the envelopes should be issued based 

on a predetermined control number. During hours of non-production, the embossing department should 

be kept locked. Personnel having access to cards must be denied access to PINs whenever cards are 

prepared and processed. There should be two staff in charge of the process in order to have dual 

accountability for stock. 

Security and Control of PIN (Personal Identification Number) 

A PIN is a “personal identification number” . This is a number consisting of four numerical characters 

which is essentially a cardholder’s password. PINs can be assigned by the institution or can be 

customer selected. PINs which are generated for the customer can be derived from the customer’s 

account number and a logarithm used. These PINs are normally stored in an encrypted form at the 

ATM. A temporary PIN is issued which can be used at the ATM immediately. Later the customer has 

the choice of selecting his own PIN number at the ATM. 

Risks/Threats 

There are a number of risks involved in the management of PIN numbers:- 

1 There is the integrity of the PIN itself. If control and security is not tight, the method of 

selecting PIN or encryption keys may become known and duplicated PINs and mailers be 

prepared. 

2 The PIN mailers are intercepted during mailing. 

3 PINs longer than four digits are security hazards, as holders may be tempted to write down their 

number to remember them. 

4 Issuing replacement PIN numbers to customers. If the person making the request has stolen the 

card or is not authorised to use it, the true owner of the card stands to lose a substantial sum of 

money. 

Application Controls 

For controls and security purpose the PIN which is in encrypted form is stored in a database file for 

security purposes. The PIN mailers are prepared separately. The PIN is only activated upon the use of 

the card by the customer at the ATM. 

Adequate control should be carried out when PIN is produced for mailing. Mailing of the PIN 

is carried out subsequent to card mailing. The PIN is forwarded to the customer in a separate mailer on 

a different day. 

For security reasons all systems documentation concerning PIN generation/encryption and 

decryption keys must be under tight control at all times. Furthermore, extreme care must be taken when 

requests for new PINs are made. It is important for security reasons that the request for a new PIN 

should be in writing.


For control purposes confirmation of numbers of PINs generated must be carried out against the 

total application approved. 

It is recommended that the customer’s PIN should not be displayed on the PIN mailer. For 

control and security reasons the PIN mailers should not have direct reference or correlation to the 

customer’s account number or identification of the financial institution. The PIN must be scrambled or 

encrypted if printed or displayed on terminal screens. 

Other Controls are as follows:- 

• Access controls and authorisation to any addition, deletion or changes to ATM transaction 

details should be implemented. 

• Any changes to cardholder details should be authorised by the officer at the next level. 

• Realistic maximum transaction and maximum daily total limits should be implemented for 

ATM withdrawals. 

• Printed receipts should be dispensed by the ATM for every ATM transaction. 

• Every ATM transaction should be acknowledged by e-mail or a short message script sent to the 

mobile phone to confirm or alert the user that a transaction was performed. 

3. Platform Controls 

Controls to consider should include:- 

I. Encryption 

II. Algorithm 

III. Communication Controls 

i. Communication protocols 

ii. Encryption protocols etc 

Measure to Use if Fraud does occur at the ATMs 

Unfortunately, losses and security breaches do occur. It is important to have a recovery procedure 

which will identify if losses occur through the ATMs. Normally insurance companies provide banks 

with a Bankers Insurance Coverage, which includes losses that “the cover needed will vary depending 

upon the risk”. It is important for financial institutions to have a straight loss control program in order 

to fully protect its ATM customers itself. In addition to the Bankers Insurance cover there is also 

computer crime insurance cover. This covers all transfers of funds which are lost as a result of a 

fraudulent input into system. 

On its own, technology will never solve the problems of an inefficient and poorly managed 

institution. At such an institution, technology may just automate problems and highlight inefficiencies. 

ATMs require a high degree of additional control beyond those traditionally employed by financial 

service providers. Institutions need to make sure they are able to track funds that have been deposited 

into the ATMs but not yet accounted for in central accounts as fraud or errors may be involved with the 

deposit. When initiating new technologies such as offering financial services through ATMs, 

institutions must be prepared to educate clients on the benefits and train them in the use of the new 

technology. Failing to do so can reduce adoption rates and/or lead to a rejection of the technology by 

the targeted clients. 

Clients are often relationship oriented and enjoy person-to-person transactions. These 

transactions build trust and familiarity while automating processes can depersonalize services and 

alienate clients. This must be considered and adequately planned for, when switching from highly 

personalized services to automated transactions.


Some suggested Audit EFT Procedures 

• Physical Controls 

• Process Controls 

• Transmission and System failures 

• System logon controls 

• Messaging controls 

• Transfer Controls 

• PIN controls 

• Card Controls 

• Back –end application 

• Front end application 

• Transaction Journal/ Audit Trail 

• Visible Terminals. 

Source: ISACA -Information Systems Audit and Control Association (2007) 

Conclusion 

Praveen Dalal (2006) indicated that although comprehensive computer insurance cover is available to 

Banks for losses relating to ATMs, it is important to note that they vary significantly. By utilizing 

careful ATM analysis and the best prevention and reduction methods acceptable levels of ATM risks 

can be maintained. One of the benefits that banks experience when using e-banking is increased 

customer satisfaction. This due to that customers may access their accounts whenever, from anywhere, 

and they get involved more, this creating relationships with banks. 

Banks should provide their customers with convenience, meaning offering service through 

several distribution channels (ATM, Internet, physical branches) and have more functions available 

online. Other benefits are expanded product offerings and extended geographic reach. This means that 

banks can offer a wider range and newer services online to even more customers than possible before. 

The benefit which is driving most of the banks toward e-banking is the reduction of overall costs. With 

e-banking banks can reduce their overall costs in two ways: cost of processing transactions is 

minimized and the numbers of branches that are required to service an equivalent number of customers 

are reduced. With all these benefits banks can obtain success on the financial market. But e-banking is 

a difficult business and banks face a lot of challenges.


References and sources 

1] ISACA// www.isaca.org/glossary(2007) 

2] http://www.atmsecurity.com/monthly-digest/atm-security-monthly-digest/atm-fraud-andsecurity-digest-march-2009.html 

3] http://www.computerworld.com/securitytopics/security/story 

4] http://www.denverpost.com/headlines. 

5] http://www.europol.europa.eu 

6] http://www.mydigitallife.info/2006/09/25/atm-hacking-and-cracking-to-steal-money-with-atmbackdoor-default-master-password/ 

7] http://www.theregister.co.uk/2006/11/18/mp3_player_atm_hack/ 

8] http://www.wired.com/threatlevel/2009/04/pins/ 

9] https://www.european-atm-security.eu 

10] McGlasson L., ‘ATM Fraud: Growing Threats to Financial Institutions‘, Bank Info Security, 

http://www.bankinfosecurity.com 

11] ATM crime (2009): Overview of the European situation and golden rules on how to avoid it. 

12] Robinson G., ‘Bondi banks scam: ATM alert‘, The Sydney Morning Herald, October 2008, 

13] Hamelink, C. "The Ethics of Cyberspace," Sage, London, 2000.Ind, N. "Living the Brand," 

Kogan Page, London. 

14] Kalakota, R. and A. B. Whinston, "Electronic Commerce: A Manager’s Guide" 2nd Edition, 

Addison Wesley, Harlow, 2001. 

15] Marcia Crosland, NCR Corp.(2010), Consumer behaviour drives innovation inn ATM 

technology. http:/www.atmmarketplace.com. 

16] ISACA (2001) , Is Auditing Procedure (Electronic Fund Transfer( EFT). Information Systems 

Audit and Control Association. 

17] RCBC (2007) Rizal Commercial Banking Corporation. Electronic Banking (e Banking) 

Consumer protection Policy. 

18] Mike Fenton (2008) by Admin. Banking systems and technology; The Blog. Taking ATM 

fraud prevention to the next level. 

19] Roy Martin R and Jan Y (1986) Computer and Security Risk Management. A key to security in 

Electronic Funds Transfer System Elsevier Science publishers. 

20] Praveen Dalal (2006) Preventive measures for ATM Frauds, Computer crime research centre - 

Preventive measure for ATM frauds. 

21] Diebold Inco. (2002), ATM Fraud Security white paper. 

22] James essinger (1987), ATM Networks, Their organisation security and finance, published by 

Elservier Int Bulletin Chp 6 Future developments. 

23] Alvin AA and James K Loebbecke (1988) , Auditing an integrated approach 4 th edition Chp8 

pg 231-269 prentice hall Int. Edition. 

24] The EDP Audit, Control and Security Newsletter (1991) EDPACS, Robert Parker- Acss 

Control software: What it will and will not do. Vol XVIII No 8. 

25] John and Paul H (1987) Accounting and information System, Compliance testing in a computer 

environment. Chp16, 3 editions Prentice Hall. 

26] Andrew D Chambers (1981), Computer Auditing Insurance, Chp5, Pitman Books Ltd. 

27] Campion, Anita & Sarah Halpern. “Automating Microfinance: Experience from Latin America, 

Asia, and Africa.” MicroFinance Network, 2001. 

28] www.mfnetwork.org/bookmarks/Itemid,26/task,detail/catid,1/navstart,0/mode,0/id,5/search,CG 

AP IT Innovations Series 

29] www.cgap.org/publications/microfinance_technology.html

ATM Risk Management and Controls - EuroJournals

Create successful ePaper yourself

Delete template?

Save as template?