An ATM Security Measure to Prevent Unauthorized Deposit with a Smart Card

Hisao OGATA  Tomoyoshi ISHIKAWA  Norichika MIYAMOTO  Tsutomu MATSUMOTO  

IEICE TRANSACTIONS on Information and Systems   Vol.E103-D   No.3   pp.590-601
Publication Date: 2020/03/01
Publicized: 2019/12/09
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2019EDP7143
Type of Manuscript: PAPER
Category: Dependable Computing
ATM,  security,  malware,  network,  cryptography,  device,  

Full Text: PDF(2.9MB)>>
Buy this Article

Recently, criminals frequently utilize logical attacks to Automated Teller Machines (ATMs) and financial institutes' (FIs') networks to steal cash. We proposed a security measure utilizing peripheral devices in an ATM for smart card transactions to prevent “unauthorized cash withdrawals” of logical attacks, and the fundamental framework as a generalized model of the measure in other paper. As the measure can prevent those logical attacks with tamper-proof hardware, it is quite difficult for criminals to compromise the measure. However, criminals can still carry out different types of logical attacks to ATMs, such as “unauthorized deposit”, to steal cash. In this paper, we propose a security measure utilizing peripheral devices to prevent unauthorized deposits with a smart card. The measure needs to protect multiple transaction sub-processes in a deposit transaction from multiple types of logical attacks and to be harmonized with existing ATM system/operations. A suitable implementation of the fundamental framework is required for the measure and such implementation design is confusing due to many items to be considered. Thus, the measure also provides an implementation model analysis of the fundamental framework to derive suitable implementation for each defense point in a deposit transaction. Two types of measure implementation are derived as the result of the analysis.