Comparative Study of Existing ATM Systems and Systems for Small Payment Transactions Using Mobile Phones - Literature review Example

?Comparative Study of Existing ATM Systems and Systems for Small Payment Transactions Using Mobile Phones In banking industry, one of the most significant trends is Automated Teller Machine (ATM) system. The uses of ATM card have increased considerably in recent years all over the world. The ATM system has successfully swapped the traditional paper based transaction system by introducing electronic means of money transactions. The increased popularity of ATM system has occurred due to its simplicity, rapidity, time flexibility and autonomous characteristics. With the development and advent of e-commerce, the mobile transactions have also evolved and gained much popularity in recent years. In several small payment transactions, uses of direct cash have changed by mobile payment systems. It provides users the advantage of using mobile phone for any kind of financial transactions such as bill payment or purchase goods. The increasing uses of ATM system and mobile technologies in payment have also increased the security risks. In present days, these electronic means of money transaction involve several security threats from illegal activities such as card trapping, swapping, cloning, phishing, shoulder surfing, and smishing among others. These activities result in loss of huge money and account information of users. The paper will describe the existing ATM system and small payment transactions by using mobile technology along with the security issues of these systems. Keywords: ATM System Security, Small Payment Transactions, Mobile Technologies. Table of Contents Table of Contents 3 Literature Review 4 Introduction 4 Existing ATM System 4 Small Payment Transactions through Mobile Technology 6 Mobile Transaction 7 ATM System Security 9 Conclusion 11 References 12 Bibliography 17 Literature Review Introduction Presently, ATM system can be found in almost every bank and financial institution and the uses are growing rapidly. The paper will describe the ATM system and several security issues of this technology. ATM stands for “Automated Teller Machine” which is a real time methodology having extremely complex design and operation. ATM technology has been developed through “Real-Time Process Algebra” (RTPA) systems and “Unified Data Models” (Wang, 2010). The static actions of ATM machine are indicated by Unified Process Models for processing money transaction and dynamic actions are indicated by process precedence allocation, process disposition, and report processing simulations. The ATM system never performs autonomously it should be controlled by some banks and requires specialized software and computer which is aimed for performing the money transaction operations. The software of ATM must support the electronic system of bank (Wang, 2010). Existing ATM System This theme will provide a brief description about ATM system, how it performs and its importance. This section is relevant for conducting the research as it can help the reader to understand the characteristics of ATM system. ATM system is most efficient in microfinance institutions (MFIs) (Whelan, 2011) which take money and help customers in numerous sites throughout non-office hours. The value of a single ATM machine is almost 22,600 Pounds (Approximately 35,000 USD) and needs dependable electrical and communication networks (Whelan, 2011). In today’s dynamic business environment, the excellence in service quality and flexibility has become imperious for organisations to survive. The progress of machinery has empowered banks to deliver superior services for enhancing customer satisfaction. This is the reason, majority of banks provide self service delivery system such as ATM in order to increase self-sufficiency in performing the money transactions. In the banking sector, ATM system acts as a pioneering service which provides diversified facilities such as money withdrawal, account transfer, cash payment, credit card notices, check book applications, and other monetary queries (Khan, 2010). The advancement of ATM system is comparable to the development of personal computer and telecommunication businesses. Traditionally, ATM system was functioned in local mode deprived of any link with the banking systems (Frei & Et. Al., 1998). The money transaction approval happened on the basis of information verified in the magnetic bands of the users’ card. In the middle of 1980s, the ATM system had started performing on-line with the banking system. It had the capability to approve the money transactions even if the communication with the banking system is lost. Due to safety concerns and fraudulent activities, there was a need to strengthen the level of security in the ATM system. Once ATM system is linked directly, there is need to protect the information on magnetic card and user’s personal identification number (PIN). Therefore, from the initial phase, ATM system used delta encryption standard (DES) procedure to encode the PIN information and increase the security. The existing ATM system uses the biometric technology for more secure environment. This technology possess the ability to measure, organize, equate, store, diffuse, and identify a particular characteristic of an individual along with high degree of accuracy and reliability. In existing ATM system, biometric identification is used to validate the identity of user through evaluating the characteristics digitally and linking those evaluations with the records that are already saved in the form of template in biometric device, in bank’s databases and in user’s debit or credit cards (Bhattacharyya & Et. Al., 2009). Traditionally, biometric identification system was limited due to high price and lack of social recognition, but in present days, this system is undergoing high level of security in banking as well as governmental sectors. The cost of biometric identification system has also been reduced reasonably and according to customers’ security expectations, it also provides satisfactory level of consistency and functionality (Yanez & Gomez, n.d.). Small Payment Transactions through Mobile Technology Small payment transactions are generally used for small purchases in any retail outlet or online shopping. The small payment transactions are also known as ‘micropayment’ system which comprise small amount of money deals. Small payment transactions are used for buying low cost intangible products and have been recently measured as a useful technique, mostly due to development of mobile technologies. There are several service providers such as Paypal, VISA, and Amazon FPS among others which offer small payment transactions and often charge users for accessing the services. As micropayment system is primarily used for buying extremely low-cost materials, it is significant for the service providers to maintain low cost per transaction. The providers of low cost transaction services apply micropayment system without threat of consuming profit margins on these transactions through the cost of offering these dealings and without affecting the performance. In micropayment system, there is no need to enter the PIN or sign for small value purchasers (Papaefstathiou & Manifavas, 2004). Vipin Karla, the country manager of VISA in Australia observed that through micropayment system, retailers can process money transactions quicker and decrease the delay time of the customers which are vital in today’s rapid paced retail business environment (VISA, 2011). As micropayment transactions do not require PIN or signature of user there is same security risk as ATM system (Papaefstathiou & Manifavas, 2004). Mobile Transaction Mobile transaction is one of the emerging trends in e-commerce. The development of e-commerce has been assisted by ATM system, shared banking network, stored value applications and e-payment system among others. Mobile transactions are usual progression of e-payment as well as small payments which enable m-commerce. Mobile transaction can be defined as a money transaction where mobile technology is used to initiate, authorize, and confirm the small payment transactions. Mobile technologies in this sense include cellular phones, PDAs, wireless devices, and any other tools which use mobile telecommunication networks and help to conduct transactions. The recognition of mobile transactions has generated innovative and unanticipated methods of suitability and business. Through mobile technology, the unanticipated inventions are possible in future. Several services such as movie on demand, songs, and registering travelling package among others are conceivable if mobile transactions become viable and universal. Mobile transactions can develop into a corresponding option for cash, cards and cheque payment (Carr, 2007). Traditionally, mobile transactions were not utilized efficiently in several nations. In EU, mobile payment service providers failed to progress. In regions such as Europe and North America, the growth of mobile transactions had not been fruitful. In Asian region also mobile payment services had not gained enough popularity (Carr, 2007). In present days, due to increased popularity of e-commerce mobile technology is used significantly to conduct small transactions. The mobile transaction system has been accepted by several ways in the world, for example: USSD Mobile Banking: Unstructured Supplementary Service Data (USSD) is a GSM service which lets high speed collaborative communication between the users and the applications throughout the channel. USSD permits users to access the bank account from any GSM mobile and it is also recognized as one of the quickest systems of mobile banking (Emirates NBD Bank PJSC, 2011). Mobile Web Payment: Mobile web payment is the other form of mobile transaction which applies the wireless application protocol (WAP) technology. Mobile web payment system comprises payment through card which permits users to purchase through mobile phone. This system gets every benefits as well as security risks of using WAP technology (Mobile Payment Magazine, 2010). Near Field Communication (NFC) system: Near Field Communication (NFC) system has been gaining much popularity in the area of mobile transaction. This system lets users to surf a compatible handset in order to complete a business transaction. NFC system is capable of minimizing the delay time and conduct transaction process rapidly and accurately. NFC system can reduce the number of errors in transactions and ensure a secure banking experience (Motorola, Inc., 2011; Mobile Payment Magazine, 2011). ATM System Security Security is an important issue in internetworking technology specially ATM system. ATM system was first introduced in the United Kingdom by middle of 1960s. Since then, the use of ATMs has augmented intensely. Presently, ATM users conduct billions of transactions, out of which maximum is money withdrawal. ATM system is located in almost everywhere, grocery stores to airports. ATM system has proved as highly beneficial for banks and they are using it for increasing income by saving huge amount of money (Scott, 2011). The issues of ATM system security have not achieved much courtesy till 1995, after which ‘ATM Forum’ had been developed to discourse the security concerns of the ATM system. Just like other networks, ATM network also suffers a lot of security risks such as fraudulent cash withdrawal, trapping, cloning, skimming, phishing, smashing and shoulder surfing among others (Liang, 1997; Dare, 2011). ATM Card Trapping/Skimming: Card trapping is a major risk in ATM system. It is a method of installing a device in the ATM machine which can help to grasp the card of user through sticky tape, wire or cord and then acquire the PIN through observation or placing an overlay on the keypad of ATM machine. On the other hand, skimming is a method of stealing the magnetic tape of cards. Once stealing is successful, the PIN can be taken by placing cameras and other imaging tools in the ATM (Kirk, 2011; Commonwealth Bank of Australia, 2011). Phishing: Phishing had become one of the fastest growing ATM system security issues in 2005. Phishing activities had evidently outplaced the skimming and copying activities. As cyber criminals found it to be an easier and faster method to steal information, they have engaged in phishing activities in order to snip financial information such as PIN number and card number through using spam e-mails and prompt messaging. Phishing activities usually motivate users to provide the financial information through false website which can appear almost same to the real ones. The breeding victims from phishing had damaged the confidence of user in the security and expediency of mobile and online banking (Fair Issac Corporation, 2005). Smishing: Smishing technique is similar to the phishing where criminals send short message service (SMS) in order to disclose the private financial information of users. In this method, users are provided with SMS which requires immediate attention to respond (such as “your card has been deactivated”) so that convicts can get the vital information such as PIN number or ATM card number (Serrano & Park, 2011). Spoofing: Spoofing is the other ATM security issue where the invader attempts to imitate the real user so that he/she can get admittance to the funds of the user and take benefit of it or destroy it. Spoofing requires special tools to control the protocol data element and invader needs access permission to enter in the ATM system (Liang, 1997). Cloning: In cloning method, criminals use ATM swiping machine with other illegal devices which help to clone the user’s ATM card information. That information can further be used for making fake cards in order to snip the user’s identity as well as the money from bank account. It is a widespread technique as there is less chance of finding the criminal and users are also unaware that their money has been stolen unless they collect the bank statement (Meela, 2010). Shoulder Surfing: Shoulder surfing is a direct observation technique where offender applies tools such as eyeglasses, cameras, keyboard audibility and electromagnetic secretions in order to get user’s password. In ATM system, entering the password is one of the most vulnerable aspects for breaking the security. Biometric method which is used in ATM system is not prone to the threat of shoulder surfing. This method undergoes from disadvantages of the biometric characteristics which is not revocable (Kumar & Et. Al., 2007). Conclusion Ultimately, in the conclusion, ideas and concepts identified through literature have been defined. The major trends that have been identified through this research are regarding increased demand of using ATM system among the users and by the banks. With the improvement of technology, more and more financial organizations are using ATM technology for enhancing customer satisfaction. Besides, there is also increasing trend among people of using mobile system for small payment transactions. Along with convenience, these facilities also raise several security issues while conducting transactions through ATM or mobile system. ATM system confronts numerous kinds of fraud activities which impact on the security of transactions. Majority of time, the fraud activities includes card trapping, skipping, phishing, smishing, card cloning, and shoulder surfing. It can result in identity theft and theft of valuable money. Revelation of PIN number or card number is much vulnerable for credit as well as ATM cards. Despite several security issues there is huge demand for ATM services in the banking industry and it is experiencing substantial change. The major gap in ATM system or mobile transaction system is the lack of concern of people. People need to be much aware in order to avoid the threats of transaction risks. Once intruders successfully reveal the vital information about users’ account, the security measures are incompetent to defend users’ funds. References Bhattacharyya, D., & Et. Al., 2009. Biometric Authentication: A Review. International Journal of u- and e- Service, Science and Technology, 2(3), pp. 13 – 28. Carr, M., 2007. Mobile Payment Systems and Services: An Introduction. Institute for Development and Research in Banking Technology. [Online] Available at: http://www.mpf.org.in/pdf/Mobile%20Payment%20Systems%20and%20Services.pdf [Accessed December 12, 2011]. Commonwealth Bank of Australia, 2011. Customer Awareness Guide. ATM Card Skimming & PIN Capturing. [Online] Available at: http://www.commbank.com.au/personal/apply-online/download-printed-forms/ATM_awareness_guide.pdf [Accessed December 12, 2011]. Dare, T., 2011. Common ATM Security Challenges. ATM Security. [Online] Available at: http://aitec.usp.net/Banking%20&%20Mobile%20Money%20COMESA,%202-3%20March%202011,%20Nairobi/TopDare_NCR_BankingMobileMoneyCOMESA2-3Mar2011.pdf [Accessed December 12, 2011]. Emirates NBD Bank PJSC, 2011. USSD Mobile banking FAQ. Personal Banking. [Online] Available at: http://www.emiratesbank.ae/assets/cms/docs/personalbanking/waysOfBanking/USSD_FAQ_Customer2.pdf [Accessed December 12, 2011]. Frei, F., X., & Et. Al., 1998. Innovation in Retail Banking. The Wharton School. [Online] Available at: http://fic.wharton.upenn.edu/fic/papers/97/9748.pdf [Accessed December 12, 2011]. Fair Issac Corporation, 2005. Identifying and Controlling Debit Card Phishing Scams. ATM Industry Association. [Online] Available at: http://www.atmia.com/ClassLibrary/Page/Information/DataInstances/1538/Files/483/Identifying_&_Controlling_Debit_Card_Phishing_Scams.pdf [Accessed December 12, 2011]. Khan, M. A., 2010. An Empirical Study of Automated Teller Machine Service Quality and Customer Satisfaction in Pakistani Banks. European Journal of Social Sciences, 13(3), pp. 333 – 344. Kirk, J., 2011. Criminals Turn To 'Card-Trapping' At ATM Machines To Get Cash. PCWorld Communications, Inc. [Online] Available at: http://www.pcworld.com/businesscenter/article/242140/criminals_turn_to_cardtrapping_at_atm_machines_to_get_cash.html [Accessed December 12, 2011]. Kumar, M. & Et. Al., 2007. Reducing Shoulder-surfing by Using Gaze-based Password Entry. Stanford University. [Online] Available at: http://cups.cs.cmu.edu/soups/2007/proceedings/p13_kumar.pdf[Accessed December 12, 2011]. Liang, D., 1997. A Survey on ATM Security. Washington University in St. Louis. [Online] Available at: http://www.cs.wustl.edu/~jain/cis788-97/ftp/atm_security/index.htm [Accessed December 12, 2011]. Meela, C., 2010. ATM Card Cloning Shocks Resident. Benoni City Times. [Online] Available at: https://www.sabric.co.za/phpscripts/upload/doc/news_3114.pdf [Accessed December 12, 2011]. Mobile Payment Magazine, 2010. About Mobile Payments. Mobile Web Payments (WAP). [Online] Available at: http://mobilepaymentmagazine.com/mobile-web-payments-wap [Accessed December 12, 2011]. Mobile Payment Magazine, 2011. Research. Research Report: 2011 Contactless Near Field Communication (NFC) Mobile Payments. [Online] Available at: http://mobilepaymentmagazine.com/nfc-mobile-payments-report-2011 [Accessed December 12, 2011]. Motorola, Inc., 2011. Empower Your Customers And Your Associates With The Power of Contactless Near Field Communications (NFC). Solution Brief. [Online] Available at: http://www.motorola.com/web/Business/Products/Mobile%20Computers/Handheld%20Computers/MC75A_HF/_documents/_staticfiles/MC75A-HF-Solution-Brief.pdf [Accessed December 12, 2011]. Papaefstathiou, I. & Manifavas, C., 2004. Evaluation of Micropayment Transaction Costs. Journal of Electronic Commerce Research, 5(2), pp. 99 – 113. Scott, M. S., 2011. Robbery at Automated Teller Machines. Problem-Oriented Guides for Police Series. [Online] Available at: http://www.popcenter.org/problems/pdfs/Robbery_at_Automated_Teller.pdf [Accessed December 12, 2011]. Serrano, K. & Park, A., 2011. 'Smishing' Scammers May Hit Cellphones. USA TODAY. [Online] Available at: http://www.usatoday.com/tech/news/story/2011-10-18/smishing-bank-scam/50817688/1 [Accessed December 12, 2011]. VISA, 2011. New Visa Payment Service Speeds Up Small Value Transactions. Press Releases. [Online] Available at: http://www.visa-asia.com/ap/au/mediacenter/pressrelease/NR_AU_220611_VEPS.shtml [Accessed December 12, 2011]. Wang, Y., No Date. The Formal Design Model of an Automatic Teller Machine (ATM). University of Calgary. [Online] Available at: http://enel.ucalgary.ca/People/yingxu/Courses/SENG523/Tutorials/ATM%20Architecture.pdf [Accessed December 12, 2011]. Whelan, S., 2011. Automated Teller Machines. CAGP IT Innovation Series. [Online] Available at: http://www.cgap.org/gm/document-1.9.2757/IT_atm.pdf [Accessed December 12, 2011]. Yanez, M. & Gomez, A., No Date. ATM & Biometrics: A Socio-Technical Business Model. University of Miami. [Online] Available at: http://www.iamot.org/conference/index.php/ocs/4/paper/viewFile/1104/479 [Accessed December 12, 2011]. Bibliography Dawson, C. W., 2009. Projects In Computing And Information Systems: A Student's Guide. Addison-Wesley. Read More