Where does all the money go

1
Where does all the money go ?

• Part 1 ATMs and Electronic Money
• Howard Duncan

2
Automated Teller Machines
3
Typical System Features
4
Typical System Features

• NOTE DISPENSER 2/4 cassettes. Max. filling height
  350 mm per cassette. Single reject and bundle
  retract into separate note compartments. Up to
  100 notes in a bundle. Friction feed technology.

DISPLAY 10-inch SVGA compatible colour display.
Resolution 1024 by 768 pixels. 4 plus 4 menu
keys supporting NDC and D911/912 emulation.
RECEIPT PRINTER Bi-directional serial dot matrix
technology. Paper width 76 mm (40 columns),
length approx. 700 m (9000 receipts).
JOURNAL Electronic or paper journal. Paper width
76 mm, (40 column), length approx. 60 m (3700
transactions).
CARD READER Magnetic strips reader, reading track
2. Hybrid reader, reading/encoding tracks 1-3
with smart card support. Card return on power
failure. Lockable card capture bin.
CUSTOMER KEYBOARD 16-key keyboard with optional
encryption feature. Recessed into fascia for
enhanced privacy.
ELECTRONIC SECURITY NBS-DES with local or remote
PIN message authentication.
PHYSICAL SECURITY Standard 12 mm, UL291 Level 1
(for 24 hour service).
SYSTEM ARCHITECTURE System controller based on
industry standard PC including standard
communication boards. NDC and D911/912 network
interfaces. Cash application providing standard
application framework. XFS CEN/ISSS Service
Providers.
5
How Do ATMs Work?

• An ATM is a data terminal with two input and four
  output devices. Like any other data terminal, the
  ATM has to connect to, and communicate through, a
  host processor.
• The host processor is analogous to an Internet
  service provider (ISP) in that it is the gateway
  through which all the various ATM networks become
  available to the cardholder (the person wanting
  the cash).

6
How Do ATMs Work?

• Most host processors can support either
  leased-line or dial-up machines.
• Leased-line machines connect directly to the host
  processor through a four-wire, point-to-point,
  dedicated telephone line.
• Preferred for very high-volume locations because
  of their through-put capability
• Dial-up ATMs connect to the host processor
  through a normal phone line using a modem and a
  toll-free number, or through an Internet service
  provider using a local access number via a modem.
• Preferred for retail merchant locations where
  cost is a greater factor than through-put.

7

• The host processor may be owned by a bank or
  financial institution, or it may be owned by an
  independent service provider. Bank-owned
  processors normally support only bank-owned
  machines, whereas the independent processors
  support merchant-owned machines.

8
Parts of the Machine

• An ATM has two input devices
• Card reader - captures the account information
  stored on the magnetic stripe on the back of an
  ATM/debit or credit card. The host processor uses
  this information to route the transaction to the
  cardholder's bank.
• Keypad - lets the cardholder indicate the type of
  transaction (cash withdrawal, balance inquiry,
  etc.) and the amount. Also, the bank requires the
  cardholder's personal identification number (PIN)
  for verification. The PIN block is sent to the
  host processor in encrypted form.

9
Parts of the Machine

• An ATM has four output devices.
• Speaker - provides the cardholder with auditory
  feedback when a key is pressed.
• Display screen - prompts the cardholder through
  each step of the transaction process. Leased-line
  machines commonly use a monochrome or color CRT
  (cathode ray tube) display. Dial-up machines
  commonly use a monochrome or color LCD.
• Receipt printer - provides the cardholder with a
  paper receipt of the transaction.
• Cash dispenser - The heart of an ATM is the safe
  and cash- dispensing mechanism. The entire bottom
  portion of most small ATMs is a safe that
  contains the cash.

10
Cash dispenser

• The cash-dispensing mechanism has an electric eye
  that counts each note as it exits the dispenser.
  The note count and all of the information
  pertaining to a particular transaction is
  recorded in a journal. The journal information is
  printed out periodically and a hard copy is
  maintained by the machine owner for two years.
  Whenever a cardholder has a dispute about a
  transaction, he or she can ask for a journal
  printout showing the transaction, and then
  contact the host processor. If no one is
  available to provide the journal printout, the
  cardholder needs to notify the bank or
  institution that issued the card and fill out a
  form that will be faxed to the host processor. It
  is the host processor's responsibility to resolve
  the dispute.
• Besides the electric eye that counts each note,
  the cash-dispensing mechanism also has a sensor
  that evaluates the thickness of each note. If two
  notes are stuck together, then instead of being
  dispensed to the cardholder they are diverted to
  a reject bin. The same thing happens with a note
  that is excessively worn or torn, or is folded.
• The number of reject notes is also recorded so
  that the machine owner can be aware of the
  quality of notes that are being loaded into the
  machine. A high reject rate would indicate a
  problem with the notes or with the dispenser
  mechanism.

11
Types of cards

• ATM Cards
• Cheque guarantee cards
• Credit cards
• Debit cards
• Smart cards
• Various combinations of these.

12
The Credit Card Cycle
1
13
The Credit Card Cycle
I
2
14
The Credit Card Cycle
I
3
15
How does the stripe on the back of the card work?

• The stripe on the back of a credit card is a
  magnetic stripe, often called a magstripe. The
  magstripe is very similar to a piece of cassette
  tape fastened to the back of a card.
• Instead of motors moving the tape so that it can
  be read, your hand provides the motion as you
  "swipe" the card through a reader or insert it in
  a reader at the ATM.

16
How does the stripe on the back of the card work?

• The magstripe has three tracks. Each track is
  .110-inch wide. The ISO/IEC standard 7811, which
  is used by banks, specifies
• Track one is 210 bits per inch (bpi), and holds
  79 six-bit plus parity bit read-only characters.
• Track two is 75 bpi, and holds 40 four-bit plus
  parity bit characters.
• Track three is 210 bpi, and holds 107 four-bit
  plus parity bit characters.

17
Track 1 (read-only)

• Start sentinel -- 1 character
• Format code"B" -- 1 character (alpha only)
• Primary account number -- up to 19 characters
• Separator -- 1 character
• Country code -- 3 characters
• Name -- 2-26 characters
• Separator -- 1 character
• Expiration date or separator -- 4 characters or 1
  character
• Discretionary data -- enough characters to fill
  out maximum record length (79 characters total)
• End sentinel -- 1 character
• Longitudinal Redundancy Check (LRC), a form of
  computed check character -- 1 character

18
Track 2 Banking info.

• Start sentinel -- 1 character
• Primary account number - up to 19 characters
• Separator -- 1 character
• Country code -- 3 characters
• Expiration date or separator -- 4 characters or 1
  character
• Discretionary data -- enough characters to fill
  out maximum record length (40 characters total)
• LRC -- 1 character
• Track three is a read/write track (that includes
  an encrypted PIN, country code, currency units,
  amount authorized), but its usage is not
  standardized among banks.

19
What the numbers stand for

• Digit 1 is the system
• 3 - travel/entertainment cards
• 4 - Visa
• 5 - MasterCard
• 6 - Discover Card
• The structure of the rest of card number varies
  by system, but will include a check digit.

20
Smart Cards

• The "smart" credit card is an application that
  involves all aspects of cryptography, not just
  authentication. A Smart Card has a microprocessor
  built into the card itself. Cryptography is
  essential to the functioning of these cards in
  several ways
• The user must corroborate his identity to the
  card each time a transaction is made, in much the
  same way that a PIN is used with an ATM.
• The card and the card reader execute a sequence
  of encrypted sign/countersign-like exchanges to
  verify that each is dealing with a legitimate
  counterpart.
• Then the transaction itself is carried out in
  encrypted form to prevent anyone, including the
  cardholder or the merchant whose card reader is
  involved, from "eavesdropping" on the exchange
  and later impersonating either party to defraud
  the system.

21
(No Transcript)
22
Financial card systems

• Use a variety of technologies
• Mag stripe cards
• Smart Cards
• Communications
• Dial-up
• Leased line
• Satellite
• Back-end servers
• World Wide Web
• Transaction routing
• Transaction processing
• Database