Increasingly consumers are conducting financial transactions through Self-Service Terminals (SSTs) without the assistance of a clerk. In fact, in many cases these transactions are conducted without any individual in the vicinity of the SSTs; other than, perhaps, a security camera integrated into the SSTs or in proximity to the SSTs.
The most common SST transaction occurs by a customer at an Automated Teller Machine (ATM). Contrary to what the general public believes, ATMs can be compromised and in some ways in a manner that takes advantage of inherent security holes of existing ATMs.
For example, in a typical ATM transaction a customer inserts a bank card into a card reader and then enters a Personal Identification Number (PIN) into an encrypted PIN keypad. Software on the ATM receives that encrypted information, which the ATM software cannot decrypt and sends it to an appropriate backend financial system for authentication. The financial sends returns an authorization code to the ATM software and the customer selects and account and an amount to withdraw. This is then sent to the financial system for verification. Again, the financial system returns an authentication. Next, the ATM sends a dispense command to a dispenser and the dispenser dispenses the currency amount associated with the withdrawal.
In the above scenario, if the ATM software can be replaced or modified then the amount for withdraw sent to the dispenser can be changed or can be repeated multiple times; thereby fraudulently depleting the ATM of all its currency. Such fraudulent depleting is of particular concern to the owners and operators of the ATMs because the financial system tied to a transaction may only honor the initial authorized amount for withdrawal, leaving the ATM owner and operator with no recourse to recoup the stolen funds.
In various embodiments, dispense transactions are suspended on a self-service terminal upon detection of potentially fraudulent activity.
According to an embodiment, commands performed on the self-service terminal are monitored to detect fraudulent activity. If a pattern of commands appears to be potentially fraudulent, a dispenser may be placed in a suspend mode.
The ATM, techniques, methods, and Self-Service Terminal (SST) presented herein and below for detecting fraudulent command patterns and suspending dispense operation can be implemented in whole or in part in one, all, or some combination of the components shown with ATM 100. The techniques and methods are programmed as executable instructions in memory and/or non-transitory computer-readable storage media and processed on one or more processors associated with the various components.
The discussion of the ATM 100 is within the context of multiple transactions and is also applicable to any enterprise providing Self-Service Terminals (SSTs). Thus, the description that follows below is but one embodiment of the invention and it not intended to limit the invention to only financial transactions on the ATM 100.
ATM 100 includes a controller 110 that in one embodiment includes a processor 115 and memory 120 for executing commands while processing transactions. Programming for the controller 110 is stored in storage device 125 which is coupled via a connector 127 to the controller 110 and provides operating system code, an operating platform, and various applications to the memory 120 for execution by processor 115. A network controller 130 is also coupled via connector 127 to communicate with a remote server 132 or for checking account balances and otherwise supporting operation of ATM 100.
Connector 127 may be a backbone type of connector such as a system bus to connect multiple components of ATM 100, including a display and display controller represented at 135, a card reader 140, an authentication module 145 such as an encrypting keypad for entry of personal identification numbers (PIN), sometimes referred to as a PINpad 145, and a printer 150 to print receipts and balance information. Each of these components execute commands from the processor resulting from customer transactions.
Controller 110 is also coupled to a dispenser 155 that processes commands to dispense media as part of performing transactions, and implementing diagnostic functions. The dispenser 155 in one embodiment includes a dispense control module 160 which may utilize circuitry such as firmware and a secure microprocessor such as indicated at 162.
The ATM 100 is presented in greatly simplified form and is used to illustrate portions of components modified for purposes of monitoring commands and suspending dispense operations when a fraudulent pattern of commands is detected.
The memory 120 includes an ATM application 122 providing an application programming interface (API) for interacting with the dispenser 155 and the remote host 132. The ATM application 122 also includes a forward-facing Graphical User Interface (GUI and not shown in the
The memory 120 also includes device drivers 123 for providing low-level commands for controlling various ATM devices (including the card reader 140, the encrypting PINpad 145, the printer 150, and the dispenser 155. The device drivers 123 include a fraud detection module 124 that detects events generated by devices within the ATM 100 and commands issued to devices within the ATM 100. As will be described in more detail below, the fraud detection module 124 operates to detect patterns of device operation and to identify any patterns that may indicate fraudulent operation of the ATM 100 or any of the devices therein.
The dispenser 155 is coupled to or integrated within the ATM 100 and can perform dispense functions responsive to requests. The coupling can be via a Universal Serial Bus (USB) port interface or other port interface, again represented by connector 127. The dispenser 155 includes a conventional dispensing mechanism (not shown) for dispensing currency to a customer. The dispensing mechanism is capable of counting the currency from available denominations and activating a door for dispensing the counted currency. The dispenser 155 may only be accessible for interaction through the ATM application 122 in memory 120 as executed on processor 115.
The dispenser secure microprocessor 162 in one embodiment is not accessible to any of the API calls made by the ATM application 122. The secure microprocessor 162 may house cryptographic keys, certificates, and one or more cryptographic algorithms (functions). In some cases, the secure microprocessor 162 is pre-manufactured with the keys, certificates, and functions. In other cases, the keys, certificates, and functions can be installed on the secure microprocessor 162 by removing the dispenser 155 from the ATM 100 and interfacing the dispenser 155 to an independent secure device for installation and initial configuration.
The dispenser 155 also includes a dispenser fraud detection module 163 that is operable to monitor dispense commands and to detect any pattern of dispense commands that may be indicative of fraud, as will be described in more detail below.
The interaction of the components is now discussed with an example configuration and operational scenario. It is noted that other scenarios are possible without departing from the beneficial teachings provided herein.
In one typical example ATM transaction, a customer approaches the ATM 100 to withdraw some cash (currency or money). The GUI portion of the ATM application 122 typically presents an attract screen until such time as a customer inserts his/her card into the card reader 140. The customer's card is then read and the ATM controller 122 presents a sequence of screens to collate transaction information from the customer. The ATM controller 122 also issues commands to various devices as part of the information collation. For example, the ATM controller 122 enables the encrypting PINpad 145 when a PIN entry screen is presented to the customer.
In a typical ATM transaction at the ATM 100, a customer will insert his/her card, enter his/her PIN, then request a transaction type and amount. The requested transaction will then be authorized by the remote host 132. If authorized, a dispense command will be issued by the ATM controller 122 to the dispenser 155. However, if the fraud detection module 124 does not detect any events relating to the card reader 140 and/or the encrypting PINpad 145, then the fraud detection module 124 will indicate that this is a potentially fraudulent transaction. It should be appreciated that various events (or the absence thereof) from different devices may be used as indicators of potential fraudulent activity.
In addition to fraud detection via the fraud detection module 124 performed for example by the controller 110 of the ATM 100, the dispenser 155 may also detect potentially fraudulent patterns. Dispenser fraud detection module 163 may recognize a pattern of continual dispensing and identify that as potentially fraudulent. For example, if dispense commands are received within a defined time period that is deemed not sufficient for a transaction to be authorized (the minimum transaction time) then this may be indicative of fraud.
In some embodiments one set of commands may relate to transaction dispenses, whereas, a different set of commands may relate to diagnostic dispenses of the type that an authorized person would use when testing the dispenser 155 during servicing or repair of the dispenser 155. In such embodiments, if the dispense commands relate to diagnostic tests from an authorized person, then the fraud detection module 124 may not take any action even if the time period between dispense commands is shorter than the defined minimum transaction time. However, if the dispense commands relate to customer transaction commands, then the fraud detection module 124 may put the dispenser 155 into a suspend mode in which no further transactions are performed. A suspend mode may be any type of mode or state that the dispenser 155 may be placed in to prevent execution of dispense commands.
In one embodiment, the fraud detection module 124 monitors a software stack at 210 and uses commands provided from the stack to generate patterns of commands at 215 that are being processed by the ATM 100. In the case of fraud detection module 163, the monitored commands may be dispense commands received. The patterns of commands may include several different types of patterns that have been associated or may be associated with attempts to jackpot the ATM 100. Examples include but are not limited to deviations from typical sets of commands associated with normal withdrawals, such as many dispense commands associated with a single authentication, a high number of dispense commands in consecutive transactions at a frequency approaching ATM capabilities, multiple dispense commands of the same amount, multiple transactions not usually performed by a given customer, and more. As seen from the above examples, the term “pattern” is used to identify both a sequential set of commands as well as a filtered set of commands, and even a statistical analysis of commands, such as the frequency of a dispense command, and including the frequency and relationship of other commands, such as the frequency of the dispense command compared to authentication commands.
At 220, the patterns may be analyzed to identify potentially fraudulent command patterns. The analysis may be based on thresholds or a combination of thresholds and comparison to known patterns. At 225 the method suspends operation of the dispenser 155 responsive to the identification of potential fraud.
In various embodiments, patterns of potential fraud include a number of dispense commands within an identified time period, a number of consecutive dispense commands associated with a same account number, a pattern of continual dispense commands without corresponding cardholder authentication commands.
In one embodiment, a pattern of potential fraud comprises a number of dispense commands within an identified time period. This type of pattern may be detected via fraud detection module 163 in dispenser 155, and/or alternatively in fraud detection module 124. The number of dispense commands comprises n in one embodiment, and the identified time period is n times an average transaction time, wherein n is greater than or equal to 4. Each different type of ATM may have a different average time per transaction. In one example, if an average transaction time is thirty seconds, a pattern of four dispense commands in two minutes or less may be suspicious, and constitute a suspicious pattern. An ATM having a different average transaction time may utilize a different time period for identifying suspicious patterns.
In a further embodiment, a pattern of potential fraud comprises a number of consecutive dispense commands associated with a same account number, or a pattern of multiple dispense commands without corresponding cardholder authentication commands. This type of fraud detection may be detected by fraud detection module 124, or optionally fraud detection module 163 if the dispenser 155 is adapted to monitor multiple types of commands from controller 110.
In some embodiments, a pattern of potential fraud is location dependent, or based on a pattern of commands deviating from a specific customer's commonly performed transactions. Many other suspicious patterns may be identified and included over time as fraud perpetration attempts change and become more creative.
In a further embodiment a self-service terminal (SST), comprises a controller, a token reader coupled to the controller and operable to receive identification information from a customer, and a dispenser coupled to the controller and operable to dispense media to the customer. The SST includes a fraud module operable to monitor events associated with the token reader and the dispenser and identify potential fraud when the monitored events fulfil a potential fraud criterion. The token reader may for instance provide plain text information such as encrypted PIN pad outputs.
The token reader may be a card reader, near field communication (NFC) device, Bluetooth® device, biometric sensor or other device to authenticate a customer. The fraud module may be provided in the dispenser or elsewhere in the SST, and may be formed of hardware, firmware, software, hardware, application code, or any combination thereof. In one embodiment, the monitored commands may include notifications of events generated by different components of modules of the SST, such as card insert events and dispense events.
The fraud module may be further operable to place the dispenser in a suspend mode when potential fraud is identified, or send an alert to the controller to place the dispenser in a suspend mode when potential fraud is identified.
The potential fraud criterion may comprise: the events not occurring in a pre-defined sequence; more than a defined maximum number of events including information relating to the same customer (optionally within a defined time period); successive dispense operations being performed in less than a minimum transaction time;
1. A method comprising:
2. The method of example 1, wherein the method is performed by firmware in the dispenser of the self-service terminal.
3. The method of any of examples 1-2 wherein one pattern of potential fraud comprises a number of dispense commands within an identified time period.
4. The method of any of examples 1-3 wherein one pattern of potential fraud comprises a number of consecutive dispense commands associated with a same account number.
5. The method of any of examples 1-4, wherein one pattern of potential fraud comprises a pattern of continual dispense commands without corresponding cardholder authentication commands.
6. The method of any of examples 1-5, wherein suspending operation of the dispenser comprises placing the dispenser in a suspend mode.
7. The method of any of examples 1-6, wherein the method is performed by firmware in the dispenser of the self-service terminal comprising an automated teller machine.
8. A method comprising:
9. The method of example 8 wherein one pattern of potential fraud comprises a number of dispense commands within an identified time period.
10. The method of example 9 wherein the number of dispense commands comprises n, and the identified time period is n times an average transaction time, wherein n is greater than or equal to 4.
11. The method of any of examples 8-10 wherein one pattern of potential fraud comprises a number of consecutive dispense commands associated with a same account number.
12. The method of any of examples 8-11 wherein one pattern of potential fraud comprises a pattern of multiple dispense commands without corresponding cardholder authentication commands.
13. The method of any of examples 8-12 wherein one pattern of potential fraud is location dependent.
14. The method of any of examples 8-13 wherein one pattern of potential fraud is based on a pattern of commands corresponding to a specific customer's commonly performed transactions.
15. The method of any of examples 8-14, wherein the method is performed by firmware in the dispenser of the self-service terminal comprising an automated teller machine.
16. A Self-Service Terminal (SST), comprising:
17. The SST of example 16 wherein one pattern of potential fraud comprises a number of dispense commands within an identified time period.
18. The SST of any of examples 16-17 wherein the number of dispense commands comprises n, and the identified time period is n times an average transaction time, wherein n is greater than or equal to 4.
19. The SST of any of examples 16-18 wherein one pattern of potential fraud comprises a number of consecutive dispense commands associated with a same account number.
20. The SST of any of examples 16-19 wherein one pattern of potential fraud comprises a pattern of multiple dispense commands without corresponding cardholder authentication commands.
It should be appreciated that where software is described in a particular form (such as a component or module) this is merely to aid understanding and is not intended to limit how software that implements those functions may be architected or structured. For example, modules may be illustrated as separate modules, but may be implemented as homogenous code, as individual components, some, but not all of these modules may be combined, or the functions may be implemented in software structured in any other convenient manner.
Furthermore, although the software modules are illustrated as executing on one piece of hardware, the software may be distributed over multiple processors of a single device, or in any other convenient manner.
The above description is illustrative, and not restrictive. Many other embodiments will be apparent to those of skill in the art upon reviewing the above description. The scope of embodiments should therefore be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
In the foregoing description of the embodiments, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting that the claimed embodiments have more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed embodiment. Thus the following claims are hereby incorporated into the Description of the Embodiments, with each claim standing on its own as a separate exemplary embodiment.
This application is a continuation of U.S. application Ser. No. 16/705,383, filed on Dec. 6, 2019, which is a division of U.S. application Ser. No. 14/231,011, filed on Mar. 31, 2014, which applications and publications are incorporated herein by reference in their entirety.
Number | Name | Date | Kind |
---|---|---|---|
4514623 | Baus | Apr 1985 | A |
5010238 | Kadono | Apr 1991 | A |
5945602 | Ross | Aug 1999 | A |
6390067 | Haltiner, Jr. | May 2002 | B1 |
6390367 | Doig | May 2002 | B1 |
6400276 | Clark | Jun 2002 | B1 |
6583864 | Stanners | Jun 2003 | B1 |
7093750 | Block | Aug 2006 | B1 |
7118031 | Ramachandran | Oct 2006 | B2 |
7151451 | Meskens et al. | Dec 2006 | B2 |
7194414 | Savage | Mar 2007 | B1 |
7240827 | Ramachandran | Jul 2007 | B2 |
7469825 | Clark | Dec 2008 | B2 |
7575166 | McNamara | Aug 2009 | B2 |
7583290 | Enright | Sep 2009 | B2 |
7798395 | Ramachandran | Sep 2010 | B2 |
7856401 | Ross | Dec 2010 | B2 |
7971779 | Jenkins | Jul 2011 | B2 |
7995791 | Flook | Aug 2011 | B2 |
8057737 | Deura | Nov 2011 | B2 |
8255993 | Cooley | Aug 2012 | B2 |
8395500 | Dent | Mar 2013 | B1 |
8397991 | Mueller | Mar 2013 | B2 |
8549212 | Lu | Oct 2013 | B2 |
8556168 | Lewis | Oct 2013 | B1 |
8640947 | Lewis | Feb 2014 | B1 |
8944317 | Lewis | Feb 2015 | B2 |
8985298 | Crist | Mar 2015 | B2 |
8998186 | Kim et al. | Apr 2015 | B2 |
9014845 | Babu et al. | Apr 2015 | B2 |
9163978 | Crist | Oct 2015 | B2 |
9401062 | Koide | Jul 2016 | B2 |
9663035 | Nakata | May 2017 | B2 |
9666035 | Blower | May 2017 | B2 |
9767422 | Ray | Sep 2017 | B2 |
10332205 | Russell | Jun 2019 | B1 |
10515367 | Horgan | Dec 2019 | B2 |
11308499 | Horgan | Apr 2022 | B2 |
20030120597 | Drummond | Jun 2003 | A1 |
20040149819 | Shepley | Aug 2004 | A1 |
20040178258 | Scarafile | Sep 2004 | A1 |
20040200894 | Ramachandran | Oct 2004 | A1 |
20040206767 | Haney | Oct 2004 | A1 |
20050269345 | Sommerville | Dec 2005 | A1 |
20060169764 | Ross | Aug 2006 | A1 |
20060273151 | Block | Dec 2006 | A1 |
20080054063 | MacPhail | Mar 2008 | A1 |
20080136657 | Clark | Jun 2008 | A1 |
20080195540 | Gee | Aug 2008 | A1 |
20090199053 | Neilan | Aug 2009 | A1 |
20100100230 | Babu | Apr 2010 | A1 |
20100162030 | Schindel, Jr. | Jun 2010 | A1 |
20110035797 | Slowik | Feb 2011 | A1 |
20120197796 | Dent | Aug 2012 | A1 |
20140151272 | Angus | Jun 2014 | A1 |
20140151450 | Lewis | Jun 2014 | A1 |
20140324677 | Walraven | Oct 2014 | A1 |
20150068863 | Blower | Mar 2015 | A1 |
20150278818 | Horgan | Oct 2015 | A1 |
20160140563 | Crist et al. | May 2016 | A1 |
20160140653 | Mckenzie | May 2016 | A1 |
20160225236 | Zhang | Aug 2016 | A1 |
20170004466 | Robles Gil Daellenbach | Jan 2017 | A1 |
Entry |
---|
B. Reardon, K. Nance and S. McCombie, “Visualization of ATM Usage Patterns to Detect Counterfeit Cards Usage,” 2012 45th Hawaii International Conference on System Sciences, Maui, HI, USA, 2012, pp. 3081-3088 (Year: 2012). |
“U.S. Appl. No. 16/705,383, Non Final Office Action dated Jun. 24, 2021”, 9 pgs. |
“U.S. Appl. No. 16/705,383, Notice of Allowance dated Dec. 24, 2021”, 15 pgs. |
“U.S. Appl. No. 16/705,383, Response filed Sep. 23, 2021 to Non Final Office Action dated Jun. 24, 2021”, 5 pgs. |
Reardon, B, et al., “Visualization of ATM Usage Patterns to Detect Counterfeit Cards Usage”, 45th Hawaii International Conference on System Sciences, (2012), 3081-3088. |
Number | Date | Country | |
---|---|---|---|
20220215395 A1 | Jul 2022 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 14231011 | Mar 2014 | US |
Child | 16705383 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 16705383 | Dec 2019 | US |
Child | 17699509 | US |