automatic teller machine
engsal20
myATMSystem.docx|
|
|
|
|
|
|
|
|
|
|
Automatic Teller Machine System AV-1: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
System Name: |
Automatic teller machine |
|
Architects: |
|
|
Purpose: |
The ATM system is to provide a cost‐effective service to bank customers that is convenient, safe, and provides a secure 24‐hour access to a common set of banking transactions. |
|
Scope: |
-Supply, installation, configuration of ATMs / software / maintain other optional items etc. – Testing the operations of ATMs and user acceptance. Provide all necessary maintenance and repairs to ATM equipment.
|
|
Mission:
|
While creating this system, we focused on some issues that affect the banks and we will be attending to those issue with the production of this system. So our mission is to provide convenient, secure bank transaction services to customers at a reduced cost of providing these basic transactions. |
|
Threats: |
Some of the threats we would come across are: · Cost · Complexity · Government regulations · Increase in unemployment |
|
Geographical Region of Interest: |
We plan to launch the system and use it in Saudi Arabia. |
|
|
· |
|
Stakeholders: |
· Users · Bank · Security auditor · Security administrator · IT administrator · Developers · Power Supplier · Maintenance personnel · Installers · Builders · Government (regulators) · Marketing/Sales |
|
Findings: |
· Similar types of systems exist
|
|
Issues:
|
· Large investment to get up and running · Safety from skimmers · maintenance of system · Power availability · Internet connectivity requirement. |
|
Assumptions and Constraints:
|
· Power is available at the installation · Adequate inputs are available to configure the system · Some kind of configuration interface will be provided |
Operational Node Connectivity (OV-2)
User Needs:
OV-5/ IDEF0
A0
A1
A1.1
A2.
A2.1
System Architecture:
( Cash Dispenser /deposit ) ( Receipt Printer ) ( Card Reader ) ( Receipt ) ( Cash ) ( Debit/Visa ) ( Customer ) ( Operator ) ( ATM )
Physical Architecture :
Verification and Validation
|
Requirement Text |
Test |
Analysis |
Inspection |
Demonstration |
|
The ATM system shall service one customer at a time. |
|
|
|
X |
|
The ATM system shall enable the customers who have valid ATM cards, to perform one or more transactions. |
x |
|
|
|
|
. An ATM card usage shall be considered valid if it meets the following conditions: a) The card was issued by an authorized bank. b) The card is used after the start date, i.e., the date when the card was issued. c) The card is used before the expiration date, i.e., the date when the card expires. d) The card has not been reported lost or stolen by the customer, who had been issued that card. e) The customer provides correct personal identification number (PIN), which matches the PIN maintained by the system. |
x |
|
X |
|
|
The ATM shall be ejected card after signing in and validated by the system. |
X |
|
|
X |
|
The ATM system shall allow the customer to enter the correct PIN in no more three attempts |
X |
|
|
X |
|
If a card was entered more than three times in a row at any ATM and the password was wrong each time the card is kept by the ATM An error message will be displayed that the customer should call the bank. |
x |
|
|
X |
|
The Error message should be displayed at least 4 sec. If there is no response from the bank computer after a request within seconds the system shall rejected with an error message. |
X |
|
|
X |
|
|
|
|
|
|
|
The ATM system shall ask for the transaction type after satisfactory validation of the customer PIN. |
X |
|
|
X |
|
If a customer selects withdrawal transaction, the system shall prompt the customer to enter amount to be dispensed. |
X |
|
|
X |
|
For a withdrawal transaction, the system shall determine that sufficient funds exist in the requested account, that the maximum daily limit has not be exceeded, and that there are sufficient funds available at the local cash dispenser. |
|
X |
|
|
|
If a withdrawal transaction is approved, the requested amount of cash shall be dispensed, a receipt shall be printed containing information about the transaction, |
x |
|
|
X |
|
If a customer selects a deposit transaction check or cash, the system shall Identify the amount of the cash and verify the check. |
X |
|
X |
|
|
The system shall cancel any transaction if it has not been completed if the customer presses the Cancel button |
x |
|
|
X |
|
The system shall be in Arabic and English languages upon customer choice. |
x |
|
X |
|
|
|
|
|
|
|
|
The system shall enable an ATM operator to shutdown or start up an ATM for routine maintenance. |
X |
|
|
X |
|
The system shall enable an ATM operator to add cash to the cash dispenser. |
|
|
|
X |
|
The system shall enable an ATM operator to add paper to the printer receipt. |
|
|
|
X |
|
The system shall not be responsible for opening or closing of accounts, and to create, update, and delete customer and debit card records. |
|
X |
|
|
|
The ATM system shall provide software interfaces to the software used by deferent banks Different network software. |
X |
|
|
|
|
The system shall be linked with the bank server through communication systems, which are beyond the scope of the current system. It is assumed that this facility is always available. |
X |
|
|
|
|
The system shall not be responsible for the maintenance of the hardware devices of the ATM or network facilities. |
|
|
X |
|
|
The ATM system shall be safe kept in physical aspects. |
|
|
X |
X |
|
The ATM system shall be bolted to floor to prevent any kind of theft. |
X |
|
|
X |
|
The ATM system shall have an emergency phone call. |
|
|
X |
|
|
The system shall have camera for security issues. |
|
|
X |
|
|
Physical |
|
|
|
|
|
The system shall have a CPU (to control the user interface and transaction devices). |
X |
|
|
|
|
The system shall have the Ability to read the ATM card. (To identify the customer). |
X |
|
|
|
|
The system shall have Alternative methods to verify cardholder identities such as finger print or facial recognition if feasible. |
X |
|
|
|
|
The system shall have a Touch screen for convenience. Keypad (in case touchpad fails). |
X |
|
|
X |
|
The system shall have a proper lighting |
X |
|
X |
|
|
The system shall have a glare-free screen for display. |
X |
|
X |
|
|
The system shall have a Continuous power supply. |
X |
|
|
|
|
The system shall have sensors and indicators for security issues. |
X |
|
|
|
|
Support |
|
|
|
|
|
The system shall be able to use several data formats according to the data formats that are provided by the data bases of different banks A transaction should have all the properties of a data base transaction. |
X |
|
X |
|
|
The system shall operate without maintenance for a period of 4 years. |
|
|
X |
|
|
The system shall be repairable. |
|
|
X |
|
Risk management:
|
Risk Number |
Risk |
Action |
Level |
|
1 |
Card and Currency Fraud |
Jitters, for example, vary speed and movement of cards or introduce motion. |
High |
|
2 |
Physical Attacks |
Magnetic contacts, alarm control panels, access control and heat sensors as alarm equipment. |
Low |
|
3 |
Cardholder Data Protection |
· Change control, to guarantee that necessary and wanted changes are made only. · Data masking, to disguise cardholder data. · User access control, to restrict permissions. · Password policy, to hamper password guessing. |
Medium |
|
4 |
Application Control |
Security software like antivirus software is used to prevent unauthorized software execution. |
Medium |
|
5 |
Full Hard Disk Encryption |
Encrypting data on an ATM's hard disk to make it unreadable in case of theft or unauthorized access. Physically protecting the hard disk is an additional safeguard, because data access becomes more difficult. |
Medium |
|
6 |
Host-based Firewall |
A firewall and a monitoring system to analyze and authenticate connection attempts are recommended in order to build such a layer of defense. |
High |
|
8 |
Weather Conditions |
The system shall made from a thin layer of high-grade vacuum-sealed plastic, the ATM Shield easily adheres to machine components using a 3M™ adhesive border and watertight gasket seal. In order to protect screen, button and keyboard mechanism. |
Low |
|
9 |
Power supply |
The system shall provide a Solar panels an alternative energy source |
Very Low |
With the risks summarized, each of these risks is quantified in table x based on its likelihood and potential impact.
|
Likelihood |
|||||
|
5 |
|
|
|
|
6 |
|
4 |
|
|
|
1 |
|
|
3 |
|
|
3,4,5 |
|
|
|
2 |
|
2, 8 |
|
|
|
|
1 |
9 |
|
|
|
|
|
|
1 |
2 |
3 |
4 |
5 |
|
|
Consequence |
