Patent Grant
8746552
The present invention relates generally to the field of magnetic stripe cards and more particularly to card reader activity monitoring systems and methods.
The magnetic stripe of a magnetic stripe bankcard may be read by a magnetic read head of a card reader, for example, of an automated teller machine (ATM) to enable the cardholder to perform an ATM transaction. As is generally known, an ATM is a type of self-service financial transaction terminal that may also be referred to, for example, as an automated banking machine or a cash machine, as well as by various trade names. The card reader captures the cardholder's account and related information recorded on the magnetic stripe, which may be sent to a host processor coupled to the ATM. The host processor may use such information to route the transaction to the cardholder's bank. An ATM keypad may let the cardholder enter a personal identification number (PIN) and information about the transaction which the cardholder wishes to perform.
In addition, magnetic stripe card readers may be deployed to control access to areas, such as ATM lobbies or vestibules, that are provided with doors secured, for example, by electric, electronic, or electromechanical locks. Such door locks may be unlocked, for example, by inserting or swiping a properly encoded magnetic stripe card at a card reader. If the proper credentials are encoded on the magnetic stripe, a signal may be sent to the door lock to unlock the door and admit the cardholder. Such deployments are referred to herein as “door poppers”.
In recent years, huge economic losses have been incurred as a result of the theft and fraudulent use by criminals of cardholders' credentials recorded on the magnetic stripe of their bankcards. One way in which such theft occurs is a criminal practice referred to as “skimming” of bankcard information when a magnetic stripe bankcard is used by a cardholder, for example, in an otherwise legitimate transaction at an ATM or for access at a door popper of an ATM vestibule or lobby.
A typical skimming operations may involve criminals placing a device, such as an overlay with a skimming read head, over a card slot of an ATM or door popper which reads the magnetic stripe as the cardholder unknowingly passes his or her bankcard through the card slot to be read by the internal read head of the ATM or door popper. The skimming read head reads the same bankcard information that is read by the ATM or door popper read head and records or sends the information to the criminals.
Skimming overlays may also include a keypad overlay that matches up with buttons on the legitimate keypad beneath the overlay and records and sends the cardholders' PINs to the criminals. Regardless of the skimming technique used, it is important to criminal skimmers to make sure that the device at which their skimming activity occurs, such as an ATM or door popper, continues to work normally so that cardholders are unaware that their bankcard information is being illegally recorded.
In the past, various anti-skimming solutions have been deployed on ATMs and door poppers across the U.S. One such solution described in U.S. Pat. No. 8,622,296 entitled “Magnetic Stripe Card Reader Assembly and Method” has been introduced to protect ATM and door popper card readers with a design that is inherently resistant to skimming. Such a card reader assembly is configured to receive a bankcard in the card opening with its long edge first and the magnetic stripe of the bankcard perpendicular to the path of the bankcard as it is received so that it is impossible for an external skimming read head to read the magnetic stripe of the bankcard.
The solution described in U.S. Pat. No. 8,622,296 has done an effective job of preventing skimming at ATMs and door poppers. The particular solution represents a positive step in eliminating door popper fraud or skimming. However, once criminals realize the difficulty of skimming at a door popper on which the solution is deployed, they may seek to disable the door popper itself so that the door to an ATM vestibule remains unlocked. Such criminals may then substitute their own card reader to read and capture cardholders' magnetic stripe card data. In addition, such criminals may mount hidden or disguised miniature cameras on the ATMs in the ATM vestibule or lobby to capture the cardholders' PIN information as the cardholders use the ATMs.
There is a present need for systems and methods for monitoring door popper card reader activity that avoid exposing a cardholder's account information to potential theft by skimmers when the cardholder uses his or her magnetic stripe card at a door popper to access a locked premises, such as a bank branch or an ATM vestibule or lobby to perform an ATM transaction.
Embodiments of the invention may employ computer hardware and software, including, without limitation, one or more processors coupled to memory and non-transitory computer-readable storage media with one or more executable programs stored thereon which instruct the processors to perform the card reader activity monitoring described herein. Embodiments of the invention provide methods, systems, and machines for monitoring card reader activity that may involve, for example, receiving, using a processor coupled to memory, data regarding a level of activity of a card reader of an access door of a self-service financial transaction terminal vestibule; receiving, using the processor, data regarding a level of activity of a card reader of at least one self-service financial transaction terminal located within the self-service financial transaction terminal vestibule; comparing, using the processor, the level of activity of the card reader of the access door with the level of activity of the card reader of the at least one self-service financial transaction terminal; and generating, using the processor, an alert when a ratio of the level of activity of the card reader of the access door to the level of activity of the card reader of the at least one self-service financial transaction terminal falls below a predetermined value.
In aspects of embodiments of the invention, receiving the data regarding the level of activity of the card reader of the access door may involve, for example, receiving the data regarding the level of activity of the card reader of the access door by a processor of a door popper activity monitor. In other aspects, receiving the data regarding the level of activity of the card reader of the access door may involve, for example, receiving the data regarding the level of activity of the card reader of the access door by the processor of the door popper activity monitor from a processor of a door popper server. In further aspects, receiving the data regarding the level of activity of the card reader of the access door may involve, for example, receiving a notification message by the processor of the door popper activity monitor from the processor of the door popper server each time the processor of the door popper server sends an open door reply message to a processor of a door popper controller coupled to the card reader of the access door.
In further aspects of embodiments of the invention, receiving the data regarding the level of activity of the card reader of the at least one self-service financial transaction terminal may involve, for example, receiving the data regarding the level of activity of the card reader of the at least one self-service financial transaction terminal by a processor of a door popper activity monitor. In additional aspects, receiving the data regarding the level of activity of the card reader of the at least one self-service financial transaction terminal may involve, for example, receiving the data regarding the level of activity of the card reader of the at least one self-service financial transaction terminal by the processor of the door popper activity monitor from a self-service financial transaction terminal server. In still other aspects, receiving the data regarding the level of activity of the card reader of the at least one self-service financial transaction terminal may involve, for example, receiving a notification message by the processor of the door popper activity monitor from the processor of the self-service financial transaction terminal server each time the processor of the self-service financial transaction terminal server sends an authorization reply message to a processor of the at least one self-service financial transaction terminal.
In additional aspects of embodiments of the invention, comparing the level of activity of the card reader of the access door with the level of activity of the card reader of the at least one self-service financial transaction terminal may involve, for example, calculating the ratio of the level of activity of the card reader of the access door to the level of activity of the card reader of the at least one self-service financial transaction terminal. In other aspects, calculating the ratio may involve, for example, calculating the ratio of the level of activity of the card reader of the access door to the level of activity of the card reader of the at least one self-service financial transaction terminal based on data regarding the predetermined level of activity of the card reader of the access door and data regarding the predetermined level of activity of the card reader of the at least one self-service financial transaction terminal received during a predetermined period of time. In further aspects, calculating the ratio may involve, for example, calculating the ratio of the level of activity of the card reader of the access door to the level of activity of the card reader of the at least one self-service financial transaction terminal based on data regarding the predetermined level of activity of the card reader of the access door and data regarding the predetermined level of activity of the card reader of the at least one self-service financial transaction terminal received during a predetermined period of time when a locking mechanism of the access door is enabled.
In other aspects of embodiments of the invention, generating the alert may involve, for example, generating the alert by a processor of a door popper activity monitor. In further aspects, generating the alert may involve, for example, remotely disabling the at least one self-service financial transaction terminal when the ratio of the level of activity of the card reader of the access door to the level of activity of the card reader of the at least one self-service financial transaction terminal falls below the predetermined value. In still further aspects, generating the alert may involve, for example, generating the alert when the ratio of the level of activity of the card reader of the access door to the level of activity of the card reader of the at least one self-service financial transaction terminal falls below a predetermined adjustable value. In additional aspects, generating the alert may involve, for example, adjusting the predetermined adjustable value when a predetermined level of false alerts are generated. In still other aspects, adjusting the predetermined adjustable value may involve, for example, decreasing the predetermined adjustable value when the predetermined level of false alerts are generated.
These and other aspects of the invention will be set forth in part in the description which follows and in part will become more apparent to those skilled in the art upon examination of the following or may be learned from practice of the invention. It is intended that all such aspects are to be included within this description, are to be within the scope of the present invention, and are to be protected by the accompanying claims.
Reference will now be made in detail to embodiments of the invention, one or more examples of which are illustrated in the accompanying drawings. Each example is provided by way of explanation of the invention, not as a limitation of the invention. It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the scope or spirit of the invention. For example, features illustrated or described as part of one embodiment can be used in another embodiment to yield a still further embodiment. Thus, it is intended that the present invention cover such modifications and variations that come within the scope of the invention.
Embodiments of the invention involve, for example, monitoring and comparing the activity of an ATM lobby or vestibule door popper with a number of ATM sessions performed at ATMs located within the particular ATM lobby as an indicator of proper or improper functioning of the ATM vestibule access system and generating reports of such monitoring activities.
Referring further to
According to embodiments of the invention, the door popper activity monitor 102 may monitor both the door popper of an access door of an ATM lobby or vestibule and ATM traffic at ATMs 106, 108 located within the ATM vestibule or lobby. At predetermined intervals of time, the door popper activity monitor 102 may compare the monitored door popper activity with the monitored ATM traffic within the ATM lobby or vestibule and issue a warning if the ratio of one to the other falls outside a predetermined range.
It is to be understood that for an ATM lobby or vestibule at a bank branch, the door popper may be intentionally disabled so that the vestibule door is left unlocked during normal branch business hours. Thus, during normal business hours, no door popper activity may be expected while ATM traffic may occur as usual. Therefore, there is no need for door popper activity alerts, and the alert functionality of the door popper activity monitor 102 may be turned off by the bank.
On the other hand, after normal branch business hours, access to the ATM lobby or vestibule at the branch may be controlled by the door popper, and the door popper activity monitor 102 may therefore be turned on by the bank. During such times when access to the ATM lobby or vestibule at the branch is controlled by the door popper, both door popper activity and ATM transactions are expected.
In theory, there should always be some amount of door popper activity during such times when ATM sessions are occurring within the ATM lobby or vestibule and the vestibule door lock is operating properly. It is expected, however, that during those times, the door popper activity may be lower than the ATM activity because, for example, some customers may perform multiple ATM sessions and other customers may enter the ATM vestibule door by “tailgating” a customer who holds the door open.
In embodiments of the invention, a ratio of the door popper activity to the ATM activity within a particular ATM lobby or vestibule may be calculated periodically, such as hourly, by the door popper activity monitor 102. If the calculated ratio falls below a predetermined configurable number a door popper activity monitor alert may be generated. Such an alert may be caused, for example, by a skimmer disabling the ATM vestibule door lock and replacing or overlaying the door popper card reader 114 with a skimming card reader. Another cause for such an alert may be that the ATM vestibule door is simply jammed open so that customers may be entering the ATM vestibule without using the door popper reader 114. In either case, a technician may visit the site of the particular ATM vestibule to determine the cause of the alert.
Referring further to
Referring also to
In embodiments of the invention, when the response to a BIN inquiry message contains the “open door” reply to a particular door popper controller 112, the processor of the door popper server 110 may also send a message to the processor of the door popper activity monitor 102 containing an identification of the particular door popper controller 112. The receipt of such messages may enable the processor of the door popper activity monitor 102 to determine the traffic at ATM vestibule door poppers for any number of ATM vestibules. In addition, status messages may be received by the processor of the door popper activity monitor 102 to indicate if a particular ATM vestibule door lock has been turned off by bank personnel. Such status messages may be included, for example, with the message containing the identification of the particular door popper controller.
In embodiments of the invention, the processor of the door popper controller 112 may send the messages to the processor of the door popper activity monitor 102 to report if the ATM vestibule door has been disabled by bank personnel. To accomplish this, an input to the processor of the door popper controller 112 may monitor a state of a switch used, for example, by bank personnel to disable the vestibule door. Thus, messaging from processor of the door popper controller 112 to the processor of the door popper server 110 may, in turn, include a status of the vestibule door as “disabled”, for example, by bank personnel.
Referring once more to
In embodiments of the invention, the processor of the door popper activity monitor 102 may track and count ATM activity. Such door popper activity may be enabled when both the ATM vestibule door and door popper monitoring are enabled. In a door popper-to-ATM association aspect, each door popper may have a list of ATMs that are accessed using the particular door popper.
In embodiments of the invention, the total ATM activity of all ATMs served by a particular ATM vestibule door popper or located within the ATM vestibule may be tracked, and the total number of ATM sessions started or good card reads may be counted. Total numbers of ATM sessions for each hour of a current day and/or a current day and past day may be maintained. If a particular ATM or ATM vestibule is served by more than one door popper, the ATM activity may register for all door poppers that allow access to the particular ATM or ATM vestibule. The door popper activity may be tracked for each ATM lobby door popper, for example, by counting door popper “open door” responses to BIN query messages and maintaining a count of door popper “open door” responses for each predetermined period, such as each hour, of a current day and/or a current day and past day.
In embodiments of the invention, alert monitoring may show when door popper alert monitoring should be active, such as when an ATM vestibule door and door popper monitoring are both enabled. When an ATM vestibule door is disabled by bank personnel the particular door is free to open without requiring the use of a card reader. Typically ATM vestibule doors may be disabled by branch personnel using, for example, a key switch during normal branch business hours. When the ATM vestibule door is enabled, the door is under control of the door popper controller 112, and the card reader 114 must be used to open the door. Branch personnel may typically enable the ATM vestibule door lock when the branch is closed
Embodiments of the invention may include predefined alert condition parameters that include, for example, rules to generate an alert. Such predefined alert condition parameters may include, for example, a minimum period of time before reporting an alert, a minimum ATM sessions count, and a minimum ratio of door open responses to ATM sessions. In embodiments of the invention, a single set of predefined alert condition parameters may be used by all ATM vestibule door poppers of an entity. It is to be noted that the foregoing predefined alert condition parameters are examples only and embodiments of the invention may include any suitable alert condition parameters.
As noted, embodiments of the invention may employ one or more algorithms, an example of which may be an alert algorithm for determining when to send an alarm.
Referring further to
In embodiments of the invention, the ATM server 104 shown in
Referring further to
Referring again to
In embodiments of the invention, initial default settings may be coded into application software running, for example, on the processor of the door popper activity monitor software. Examples of default settings for configurable parameters for embodiments of the invention are also shown in
It is to be understood that embodiments of the invention may be implemented as processes of a computer program product, each process of which is operable on one or more processors either alone on a single physical platform, such as a personal computer, or across a plurality of platforms, such as a system or network, including networks such as the Internet, an intranet, a WAN, a LAN, a cellular network, or any other suitable network. Embodiments of the invention may employ client devices that may each comprise a computer-readable medium, including but not limited to, random access memory (RAM) coupled to a processor. The processor may execute computer-executable program instructions stored in memory. Such processors may include, but are not limited to, a microprocessor, an application specific integrated circuit (ASIC), and or state machines. Such processors may comprise, or may be in communication with, media, such as computer-readable media, which stores instructions that, when executed by the processor, cause the processor to perform one or more of the steps described herein.
It is also to be understood that such computer-readable media may include, but are not limited to, electronic, optical, magnetic, RFID, or other storage or transmission device capable of providing a processor with computer-readable instructions. Other examples of suitable media include, but are not limited to, CD-ROM, DVD, magnetic disk, memory chip, ROM, RAM, ASIC, a configured processor, optical media, magnetic media, or any other suitable medium from which a computer processor can read instructions. Embodiments of the invention may employ other forms of such computer-readable media to transmit or carry instructions to a computer, including a router, private or public network, or other transmission device or channel, both wired or wireless. Such instructions may comprise code from any suitable computer programming language including, without limitation, C, C++, C#, Visual Basic, Java, Python, Perl, and JavaScript.
It is to be further understood that client devices that may be employed by embodiments of the invention may also comprise a number of external or internal devices, such as a mouse, a CD-ROM, DVD, keyboard, display, or other input or output devices. In general such client devices may be any suitable type of processor-based platform that is connected to a network and that interacts with one or more application programs and may operate on any suitable operating system. Server devices may also be coupled to the network and, similarly to client devices, such server devices may comprise a processor coupled to a computer-readable medium, such as a random access memory (RAM). Such server devices, which may be a single computer system, may also be implemented as a network of computer processors. Examples of such server devices are servers, mainframe computers, networked computers, a processor-based device, and similar types of systems and devices.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4237799 | Berman | Dec 1980 | A |
| 6298603 | Diaz | Oct 2001 | B1 |
| 6508398 | Estes | Jan 2003 | B1 |
| 7075429 | Marshall | Jul 2006 | B2 |
| 7641107 | Gill et al. | Jan 2010 | B1 |
| 7810734 | Rakoff et al. | Oct 2010 | B2 |
| 8474704 | Grimm et al. | Jul 2013 | B1 |
| 20050270149 | Standing | Dec 2005 | A1 |
| 20080074496 | Venetianer et al. | Mar 2008 | A1 |
| 20090267764 | Klaas et al. | Oct 2009 | A1 |
| 20130024300 | Choudhuri et al. | Jan 2013 | A1 |
| 20130264386 | Greenspan | Oct 2013 | A1 |
| 20130265136 | Wadia | Oct 2013 | A1 |
| 20130299585 | Yokomoto et al. | Nov 2013 | A1 |
| Number | Date | Country |
|---|---|---|
| 2446425 | Aug 2008 | GB |
| WO 2013149310 | Oct 2013 | WO |
| Entry |
|---|
| Albanese et al., “Fast Activity Detection: Indexing for Temporal Stochastic Automation-Based Activity Models”, IEEE Transactions on Knowledge and Data Engineering, vol. 25, Issue 2, Feb. 2013, pp. 360-373. |
| Tarman et al., “Asynchronous Transfer Mode (ATM) Intrusion Detection”, Military Communications Conference, Milcom 2001, Communications for Network-Centric Operations: Creating the Information Force, IEEE, vol. 1, 2001, pp. 87-91. |
| IP.Com et al., “Alert PIN for Personal Banking Terminals”, IP.Com Prior Art Database Technical Disclosure, IPCOM000104652D, Mar. 19, 2005, pp. 1-5. |
