Micro ATMs are Point of Sale(PoS)Devices that work with minimal pow-er, connect to central banking servers through GPRS, thereby reducing the op-erational costs considerably. Micro ATM solution enables the unbanked rural people to easily access micro banking services in a very effective manner.
How to Use Micro ATMsThe basic interoperable transaction types that the micro ATM will support are:
- Deposit
- Withdrawal
- Funds transfer
- Balance enquiry and mini-statement.
The micro ATM will support the following means of authentication for interoperable transactions:
- Aadhaar + Biometric
- Aadhaar + OTP
- Magnetic stripe card + Biometric
- Magnetic stripe card + OTP
- Magnetic stripe card + Bank PIN
Threats to Micro ATMs
Data Vulnerabilities
With respect to POS data vulnerabilities, there are three specific areas that should be given attention in-cluding data in memory; data in transit; data at rest. Data in memory in this context is when the card track data is brought into the system at the POS system via a POI (Point of Interface or some other input device). Data in memory is nearly impossi-ble to defend if an attacker has access to the POS sys-tem. Traditionally, data input into the POS system was in memory in clear text, which is what allowed, attackers¿ memory scrapers to be very successful. The way to min-imize this risk is by encrypt-ing the card data as soon as possible and keeping it en-crypted to the maximum ex-tend throughout its life with-in the system. Point to Point Encryption (P2PE) could be used to address the issue of encrypting data in memory.
Skimming
Skimming is the theft of credit card / Debit card infor-mation. Thief can obtain vic-tim’s credit card number us-ing a small electronic device near the card acceptance slot and store hundreds of victim’s credit card numbers.
Social Engineering
Social engineering involves gaining trust - hence the fraudster poses as a mem-ber of staff. The fraudster would then ask the customer to check the card for damag-es. The fraudster would have gained confidence from his prey using various tactics such as offering assistance to the customer who per-haps would have tried to use the ATM without success or perhaps the customer who is not familiar with use of micro ATM machine and requires assistance.
Best Practices for Users to remain safe
- Before using micro ATM, please ensure that there are no strange objects in the insertion panel of the ATM(to avoid skimming)
- Cover the PIN pas while entering PIN. Destroy the transaction receipts se-curely after reviewing.
- Change ATM PIN on a regular basis.
- Keep a close eye on bank statements, and dispute any unauthorized charg-es or withdrawals imme-diately.
- Shred anything that con-tains credit card number written on it.(bills etc)
- Notify credit/debit card issuers in advance for change of address.
- Don not accept the card received directly from bank in case if it is dam-aged or seal is open.
- Do not write PIN number on credit/debit card.
- Do not disclose Credit Card Number/ATM PIN to anyone.
- Do not hand over the card to anyone, even if he/she claims to represent the bank.
- Do not get carried away by strangers who try to help you use the micro-ATM machine.
- Do not transfers or share account details with un-known/non validated source.
- In case of any suspected transactions or loss of cards, contact the service provider/bank immedi-ately.