ATM security lapses you must know
By Muthoga Kioni
The Automated Teller Machine (ATM) is one of the most innovative and influential technological innovations of the 20th century. As retail transaction processing systems, they have transformed banking in Kenya. The excruciating days of queuing for hours in stuffy banking halls to withdraw money are now just painful memories.
ATM fraud has consequently become a serious problem. You have most likely received those widely circulated e-mails that warn against one ATM scam or the other.
It is important to know a few facts and features of ATM’s that can alert you to ATM fraud.
In the ATM system, all operations regarding customer Personal Identification Numbers (PIN) and other related material are performed in tamper-resistant computer hardware. These PINs are never made available to any bank staff. Apart from PINs, ATM cards are sent to customers from separate facilities. You should, therefore, be extremely suspicious when a bank employee claims to be privy to your PIN and card information.
The server can ‘forget’
Another perennial problem is simple processing errors. A major source of errors is when ATMs fail to send transaction details if a network outage occurs before a confirmation message was received from the main computer server.
The outcome is that the server ‘forgets’ about the open transactions resulting into various scenarios. Your account is debited with another customer’s transaction or the ATM does not dispense the money yet your account is debited and other customers are not debited at all for their withdrawals.
Another important setback is the handling of inter-bank transactions. It is not viable for several banks to share encrypted keys. So each bank connects to a central switch provided by an external organisation.
This switch contains a security module, which translates the inter-bank ATM traffic and also does the accounting. The switch is highly trusted and if something goes wrong, the consequences could be catastrophic.
A modus operandi, which has not yet been seen in Kenya, but is bound to happen soon, is the use of false ATM terminals. These bogus ATMs resemble the real ones and are used to harvest customer card and PIN data. It is not beyond crooks to acquire a proper ATM terminal with a software development kit and install it in a remote location.
—The writer is an ICT Security and Forensic Specialist. Email: [email protected]
The aristocratic judgementWhat do other inmates think about Justice Muga Apondi’s judgement in the celebrated murder trial of Thomas Cholmondeley (TC)? You must be wondering. As you read this piece, l can sense your anxiety to pick a scent of whether netizens think that colour and class were contributing factors and whether he should have suffered the same fate as the chap awaiting a date with the hangman for allegedly robbing his neighbour of a loaf of bread.
Restoring Nairobi’s iconic librariesBook Bunk is turning public libraries into what they call ‘Palaces for The People' while introducing technology in every aspect.
PNU vows to back Raila, form coalition with ODM
By Samson Wire
- Eyes on Navy as Kenya takes tough stance on Somalia
- Grand reception for Raila as he storms Ruto’s Eldoret backyard
- Raila feted for championing unity, development
- Family pays tribute to businessman found dead in park
- Pregnancy, child loss comes with painful, silent grief
HEALTH & SCIENCE