
ATM security lapses you must know

May 13th 2009

By Muthoga Kioni

The Automated Teller Machine (ATM) is one of the most innovative and influential technologies of the 20th century. As retail transaction processing systems, ATMs have transformed banking in Kenya. The excruciating days of queuing for hours in stuffy banking halls to withdraw money are now just painful memories.

ATM fraud has consequently become a serious problem. You have most likely received those widely circulated e-mails that warn against one ATM scam or the other.

It is important to know a few facts and features of ATMs that can alert you to ATM fraud.

In the ATM system, all operations regarding customer Personal Identification Numbers (PIN) and other related material are performed in tamper-resistant computer hardware. These PINs are never made available to any bank staff. Apart from PINs, ATM cards are sent to customers from separate facilities. You should, therefore, be extremely suspicious when a bank employee claims to be privy to your PIN and card information.

The server can ‘forget’

Another perennial problem is simple processing errors. A major source of errors is ATMs failing to send transaction details when a network outage occurs before a confirmation message is received from the main computer server.

The outcome is that the server ‘forgets’ about the open transactions, resulting in various scenarios: your account is debited with another customer’s transaction; the ATM does not dispense the money yet your account is debited; or other customers are not debited at all for their withdrawals.
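The three outcomes described above can be detected by reconciling the server's ledger against each ATM's own journal. The following is an added example, not part of the original article; the record fields, transaction identifiers, account numbers and sample data are all constructed for illustration.

```python
# Added example: record layout and sample data are constructed for illustration.
from collections import namedtuple

# A debit the bank's server posted to an account.
HostEntry = namedtuple("HostEntry", "txn_id account amount")
# What the ATM itself journalled for the same transaction.
JournalEntry = namedtuple("JournalEntry", "txn_id account amount dispensed")

def reconcile(host_ledger, atm_journal):
    """Match server debits against the ATM journal and classify mismatches."""
    host = {e.txn_id: e for e in host_ledger}
    journal = {e.txn_id: e for e in atm_journal}
    findings = []
    for txn_id in sorted(host.keys() | journal.keys()):
        h, j = host.get(txn_id), journal.get(txn_id)
        if h is not None and (j is None or not j.dispensed):
            # Server debited, but the ATM never paid out: the debit must be reversed.
            findings.append((txn_id, "debited_not_dispensed", h.account, h.amount))
        elif j is not None and j.dispensed and h is None:
            # Cash left the machine, but the server 'forgot' the transaction.
            findings.append((txn_id, "dispensed_not_debited", j.account, j.amount))
        elif h is not None and j is not None and h.account != j.account:
            # Cash was paid out on one card, but the debit landed on another account.
            findings.append((txn_id, "debited_wrong_account", h.account, h.amount))
    return findings

# Constructed sample: T1 is consistent, T2-T4 each show one failure scenario.
SAMPLE_HOST = [
    HostEntry("T1", "A-100", 2000),
    HostEntry("T2", "A-200", 5000),
    HostEntry("T4", "A-400", 3000),
]
SAMPLE_JOURNAL = [
    JournalEntry("T1", "A-100", 2000, True),
    JournalEntry("T2", "A-200", 5000, False),   # outage before cash was dispensed
    JournalEntry("T3", "A-300", 1000, True),    # server has no record of this one
    JournalEntry("T4", "A-500", 3000, True),    # debit posted to a different account
]

if __name__ == "__main__":
    for finding in reconcile(SAMPLE_HOST, SAMPLE_JOURNAL):
        print(finding)
```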

Another important setback is the handling of inter-bank transactions. It is not viable for several banks to share encryption keys, so each bank connects to a central switch provided by an external organisation.

This switch contains a security module, which translates the inter-bank ATM traffic and also does the accounting. The switch is highly trusted and if something goes wrong, the consequences could be catastrophic.

A modus operandi, which has not yet been seen in Kenya, but is bound to happen soon, is the use of false ATM terminals. These bogus ATMs resemble the real ones and are used to harvest customer card and PIN data. It is not beyond crooks to acquire a proper ATM terminal with a software development kit and install it in a remote location.

—The writer is an ICT Security and Forensic Specialist.
