Full Text Views
40
Recently, criminals frequently utilize logical attacks to install malware in the PC of Automated Teller Machines (ATMs) for the sake of unauthorized cash withdrawal from ATMs. Malware in the PC sends unauthorized cash dispensing commands to the dispenser to withdraw cash without generating a transaction. Existing security measures primarily try to protect information property in the PC so as not to be compromised by malware. Such security measures are not so effective or efficient because the PC contains too many protected items to tightly control them in present ATM operational environments. This paper proposes a new ATM security measure based on secure peripheral devices; the secure dispenser in an ATM verifies the authenticity of a received dispensing command with the withdrawal transaction evidence, which is securely transferred from the secure card reader of an ATM. The card reader can capture the transaction evidence since all transaction data flows through the card reader in a smart card transaction. Even though the PC is compromised, unauthorized dispensing commands are not accepted by the secure dispenser. As a result, the new security measure does not impose heavy burden of tighter security managements for the PCs on financial institutes while achieving stringent security for the logical attacks to ATMs.
Hisao OGATA
Hitachi-Omron Terminal Solutions, Corp.,Yokomaha National University
Tomoyoshi ISHIKAWA
Hitachi-Omron Terminal Solutions, Corp.
Norichika MIYAMOTO
Hitachi-Omron Terminal Solutions, Corp.
Tsutomu MATSUMOTO
Yokomaha National University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Hisao OGATA, Tomoyoshi ISHIKAWA, Norichika MIYAMOTO, Tsutomu MATSUMOTO, "An ATM Security Measure for Smart Card Transactions to Prevent Unauthorized Cash Withdrawal" in IEICE TRANSACTIONS on Information,
vol. E102-D, no. 3, pp. 559-567, March 2019, doi: 10.1587/transinf.2018EDP7136.
Abstract: Recently, criminals frequently utilize logical attacks to install malware in the PC of Automated Teller Machines (ATMs) for the sake of unauthorized cash withdrawal from ATMs. Malware in the PC sends unauthorized cash dispensing commands to the dispenser to withdraw cash without generating a transaction. Existing security measures primarily try to protect information property in the PC so as not to be compromised by malware. Such security measures are not so effective or efficient because the PC contains too many protected items to tightly control them in present ATM operational environments. This paper proposes a new ATM security measure based on secure peripheral devices; the secure dispenser in an ATM verifies the authenticity of a received dispensing command with the withdrawal transaction evidence, which is securely transferred from the secure card reader of an ATM. The card reader can capture the transaction evidence since all transaction data flows through the card reader in a smart card transaction. Even though the PC is compromised, unauthorized dispensing commands are not accepted by the secure dispenser. As a result, the new security measure does not impose heavy burden of tighter security managements for the PCs on financial institutes while achieving stringent security for the logical attacks to ATMs.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2018EDP7136/_p
Copy
@ARTICLE{e102-d_3_559,
author={Hisao OGATA, Tomoyoshi ISHIKAWA, Norichika MIYAMOTO, Tsutomu MATSUMOTO, },
journal={IEICE TRANSACTIONS on Information},
title={An ATM Security Measure for Smart Card Transactions to Prevent Unauthorized Cash Withdrawal},
year={2019},
volume={E102-D},
number={3},
pages={559-567},
abstract={Recently, criminals frequently utilize logical attacks to install malware in the PC of Automated Teller Machines (ATMs) for the sake of unauthorized cash withdrawal from ATMs. Malware in the PC sends unauthorized cash dispensing commands to the dispenser to withdraw cash without generating a transaction. Existing security measures primarily try to protect information property in the PC so as not to be compromised by malware. Such security measures are not so effective or efficient because the PC contains too many protected items to tightly control them in present ATM operational environments. This paper proposes a new ATM security measure based on secure peripheral devices; the secure dispenser in an ATM verifies the authenticity of a received dispensing command with the withdrawal transaction evidence, which is securely transferred from the secure card reader of an ATM. The card reader can capture the transaction evidence since all transaction data flows through the card reader in a smart card transaction. Even though the PC is compromised, unauthorized dispensing commands are not accepted by the secure dispenser. As a result, the new security measure does not impose heavy burden of tighter security managements for the PCs on financial institutes while achieving stringent security for the logical attacks to ATMs.},
keywords={},
doi={10.1587/transinf.2018EDP7136},
ISSN={1745-1361},
month={March},}
Copy
TY - JOUR
TI - An ATM Security Measure for Smart Card Transactions to Prevent Unauthorized Cash Withdrawal
T2 - IEICE TRANSACTIONS on Information
SP - 559
EP - 567
AU - Hisao OGATA
AU - Tomoyoshi ISHIKAWA
AU - Norichika MIYAMOTO
AU - Tsutomu MATSUMOTO
PY - 2019
DO - 10.1587/transinf.2018EDP7136
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E102-D
IS - 3
JA - IEICE TRANSACTIONS on Information
Y1 - March 2019
AB - Recently, criminals frequently utilize logical attacks to install malware in the PC of Automated Teller Machines (ATMs) for the sake of unauthorized cash withdrawal from ATMs. Malware in the PC sends unauthorized cash dispensing commands to the dispenser to withdraw cash without generating a transaction. Existing security measures primarily try to protect information property in the PC so as not to be compromised by malware. Such security measures are not so effective or efficient because the PC contains too many protected items to tightly control them in present ATM operational environments. This paper proposes a new ATM security measure based on secure peripheral devices; the secure dispenser in an ATM verifies the authenticity of a received dispensing command with the withdrawal transaction evidence, which is securely transferred from the secure card reader of an ATM. The card reader can capture the transaction evidence since all transaction data flows through the card reader in a smart card transaction. Even though the PC is compromised, unauthorized dispensing commands are not accepted by the secure dispenser. As a result, the new security measure does not impose heavy burden of tighter security managements for the PCs on financial institutes while achieving stringent security for the logical attacks to ATMs.
ER -