Micro ATMs are Point of Sale (PoS) devices that work with minimal power and connect to central banking servers through GPRS, thereby reducing operational costs considerably. The micro ATM solution enables unbanked rural people to access micro banking services easily and effectively. Micro ATMs are extensively used in Aadhaar-enabled payment systems.
The basic interoperable transaction types that the micro ATM will support are:
The micro ATM will support the following means of authentication for interoperable transactions:
With respect to POS data vulnerabilities, three specific areas should be given attention: data in memory, data in transit, and data at rest.
Data in memory, in this context, is card track data that has been brought into the POS system via a POI (Point of Interface) or some other input device. Data in memory is nearly impossible to defend if an attacker has access to the POS system. Traditionally, data input into the POS system was held in memory in clear text, which is what allowed attackers using memory scrapers to be very successful. The way to minimize this risk is to encrypt the card data as soon as possible and keep it encrypted to the maximum extent throughout its life within the system. Point to Point Encryption (P2PE) could be used to address the issue of encrypting data in memory.
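A service provider can check that card data is encrypted before it reaches the POS application by scanning a test terminal's memory dump or log for cleartext Track 2 records. The following is an added example, not part of the original article; the function names and sample buffers are constructed for illustration, and the PAN is the well-known test number 4111111111111111.

```python
import re

# ISO/IEC 7813 Track 2 layout: start sentinel ';', PAN (up to 19 digits),
# separator '=', expiry YYMM, 3-digit service code, discretionary data, end '?'.
TRACK2 = re.compile(rb";(\d{12,19})=(\d{4})(\d{3})\d*\?")


def luhn_ok(pan: str) -> bool:
    """Return True when the digit string passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep first six and last four digits so the report holds no full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_cleartext_track2(buf: bytes) -> list[dict]:
    """Report offsets of cleartext Track 2 records found in buf."""
    findings = []
    for m in TRACK2.finditer(buf):
        pan = m.group(1).decode("ascii")
        month = int(m.group(2).decode("ascii")[2:])
        # Luhn and a valid month cut down false positives from random digits.
        if luhn_ok(pan) and 1 <= month <= 12:
            findings.append({"offset": m.start(), "pan": mask(pan)})
    return findings


# Constructed sample: a buffer as an application without P2PE might hold it.
SAMPLE_CLEAR = b"\x00\x17txn=42 trk=;4111111111111111=30121010000000000000?\x00pad"
# Constructed sample: same transaction where the reader sent only ciphertext.
SAMPLE_P2PE = b"\x00\x17txn=42 trk=" + bytes.fromhex("9f3a6c01d4e27b55a810") + b"\x00pad"
# Constructed sample: right shape but fails Luhn, so it is not reported.
SAMPLE_NOISE = b";4111111111111112=30121010000000000000?"

if __name__ == "__main__":
    for name, buf in [("clear", SAMPLE_CLEAR), ("p2pe", SAMPLE_P2PE), ("noise", SAMPLE_NOISE)]:
        print(name, find_cleartext_track2(buf))
```

Any finding in a buffer taken from the POS application side means track data arrived unencrypted; with encryption applied at the reader, the scan should return an empty list.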
Skimming is the theft of credit card or debit card information. Thieves can obtain victims' credit card numbers using a small electronic device near the card acceptance slot and store hundreds of victims' credit card numbers.
Social engineering involves gaining trust, so the fraudster poses as a member of staff. The fraudster then asks the customer to check the card for damage. The fraudster gains the confidence of the victim using various tactics, such as offering assistance to a customer who has tried to use the ATM without success, or to a customer who is not familiar with the micro ATM and requires assistance.
Best practices for service providers
Source : infosecawareness.in