Back

Establish, implement, and maintain an Automated Teller Machine security program.


CONTROL ID
13060
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Technical security, CC ID: 00508

This Control has the following implementation support Control(s):
  • Disseminate and communicate transaction alerts originating from Automated Teller Machines to cardholders., CC ID: 13103
  • Restrict debit card transactions to online transaction authorizations only., CC ID: 13073


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • for terminals allowing deposit of banknotes, careful assessment and selection of terminals should be performed having regard to, among other factors, their capability in detecting counterfeit banknotes and related test results. As vendors of these terminals would make available system updates from t… (§ 7.3.2(iii), Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, v.2)
  • keypad covers and anti-skimming devices (if the use of cards is needed) should be installed in terminals that require customers to input PIN for transaction authentication. Frequent patrols of terminals should be undertaken both during and after office hours in order to check the physical security o… (§ 7.3.2(ii), Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, v.2)
  • Data center and network management and the quality of internal controls over internal ATM networks and gateway connectivity to regional, national, and international EFT/POS and bankcard networks. (App A Tier 1 Objectives and Procedures Objective 3:1 Bullet 2, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)