
Establish, implement, and maintain an Automated Teller Machine security program.


CONTROL ID
13060
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Technical security, CC ID: 00508

This Control has the following implementation support Control(s):
  • Disseminate and communicate transaction alerts originating from Automated Teller Machines to cardholders., CC ID: 13103
  • Restrict debit card transactions to online transaction authorizations only., CC ID: 13073


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • for terminals allowing deposit of banknotes, careful assessment and selection of terminals should be performed having regard to, among other factors, their capability in detecting counterfeit banknotes and related test results. As vendors of these terminals would make available system updates from t… (§ 7.3.2(iii), Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, v.2)
  • keypad covers and anti-skimming devices (if the use of cards is needed) should be installed in terminals that require customers to input PIN for transaction authentication. Frequent patrols of terminals should be undertaken both during and after office hours in order to check the physical security o… (§ 7.3.2(ii), Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, v.2)
  • It is necessary to ensure that deposit withdrawals and other cash transactions through CD/ATM, and other automated machines are properly performed for duly authorized customers, in order to protect against possible illicit withdrawals. (P109.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is necessary to raise customers' awareness about items necessary for security during transactions through CD/ATM. (P108.3. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is necessary to define procedures for response to a failure in a convenience store ATM or a disaster. (P128.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is recommended that the police with jurisdiction be made aware of the ATM when it is installed and on a regular basis, and also that contact be established. (P130.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • For CDs/ATMs installed outside stores, it is necessary to establish the operational management methods for flagship stores. (P119.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It should be remembered that two or more personnel should be involved in loading of cash into CD/ATM. (P121.2. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Security measures must be implemented for convenience store ATMs with regard to the condition of facilities in the store and the convenience store personnel. (P126.3. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Since convenience store ATMs are installed in areas with an open layout, it is necessary to define a crime-prevention system and method to assure security associated with cash loading or other maintenance work. (P127.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Keeping a convenience store ATM key in the convenience store increases the possibility that store personnel will become involved in a crime. For this reason, it is recommended that the key to a convenience store ATM not be kept at the convenience store, but rather be kept in the custody of security … (P127.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is necessary to implement appropriate protective measures for network-related equipment installed in convenience store ATMs. (P129.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is necessary to carry out cash loading with care to keep the cash unnoticed and exposed for the shortest possible duration. (P121.2. ¶ 3, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is preferable that cash loading is available through the back of the CD/ATM. For the loading of cash into the front-loading type CD/ATM, special attention should be paid to the unprotected backs of personnel engaged in the cash loading. (P121.2. ¶ 4, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • For installing CD/ATM, it is necessary to select the location that can be monitored using security cameras or that is visible from the convenience store's counter. (F137.1. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is necessary to implement more sophisticated crime-prevention measures than provided for CD/ATM installed in ATM rooms in conventional head offices and branch offices. (F137.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Around the ATMs in convenience stores in particular, users come very close to each other as compared to ATM rooms in financial institutions, thus causing a higher risk of stolen private information. In consideration of these facts, it is necessary to implement adequate protection against stealing a … (F137.3. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is necessary to install CD/ATM in proper locations that allow monitoring through security cameras or are visible from the counter to enhance the security. (F135.4., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • ATMs in convenience stores should have proper provisions to prevent stealing a glance at a personal identification number or other private information from the back or side during use of the ATM. (F137.3. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • For loading of cash into ATM and its maintenance, it is recommended that a machinery room be provided at the rear side of the ATM. (F116.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • For prevention of crimes due to installation of hidden cameras, careful consideration should be given in the layout of surroundings of CD/ATM (e.g., installation of small boxes containing sales promotion leaflets) so as not to allow installation of any hidden cameras. (F137.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Data center and network management and the quality of internal controls over internal ATM networks and gateway connectivity to regional, national, and international EFT/POS and bankcard networks. (App A Tier 1 Objectives and Procedures Objective 3:1 Bullet 2, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)