FRAUD DETECTION AND CONTROL ON ATM MACHINES, AN ALGORITHM FOR COMBATING CASH AND FUND TRANSFER.

Ibrahim A, A. Mishra, Barroon I.A++ Department of Mathematics/Computer science, Faculty of Applied and Natural Sciences Ibrahim Badamasi Babangida University, Lapai Niger State. Nigeria ++ Department of Mathematics/ Computer science, Faculty of Science. Ahmadu Bello University Zaria, Kaduna State. Nigeria ibrojay01@yahoo.co.uk, i.amitmishra@gmail.com, ++barroonia@yahoo.co.uk

ABSTRACT: Banking sector has been a vital institution that contributes immensely to the sustainability and maintenance of the economy in any country. The cases attributed to bank transaction can be negative when infused by intruders or fraudsters. This paper is poised at carefully analyzing the existing system of Electronic Fund Transfer through (EFT) ATM activities as regarding: - Cash withdrawal, fund transfer, password hacking, pin misplacement, and bio-technology. The paper will analyze various kinds of frauds and will try to propose an approach to help in solving and detecting frauds on ATM; thereby proposing a more sophisticated machine that will be able to accept the technologies of security. Fraudsters have untiring times making illegal moneys while the propose algorithm in this work will combat most efforts of illegalities regarding funds by electronic data processing (EDP) in the Banking sector; this will be achieved by data mining the bio-data though biometric combinational operations at the initial opening of the accounts and as such will conform with the algorithm proposed; the paper worked carefully using the existing literatures and systems to combine the approaches of biometric to the already existing ones and making a complete proposal for a design of ATM engine that will be having on it an incorporated thumb print capture area and the possibility of the eye scanners and also make sure it doesnt slow down the process to unacceptable speed.

Keywords: Electronic fund transfer, Electronic data processing, Fraud, ATM, Bank, Security, Bio-technology, Data-mining, algorithm, fund, bio-metric, eye scanners, thumb print.

INTRODUCTION: Fraud is as old as humanity itself; the Concise Oxford Dictionary defines fraud as criminal deception; the use of false representations to gain an unjust advantage'. Fraud can take an unlimited variety of different forms. Fraud can also be seen as the intentional misrepresentation, concealment, or omission of the truth for the purpose of deception/manipulation to the financial detriment of an individual or an organization (such as bank) which also include embezzlement, theft or any attempt to steal or unlawfully obtain, misuse or harm the asset of the bank. [2]

Several security actions and steps have been in practice to tackle this menace in the economy and humanity at large and as such, organizations/institutions, government and individuals are charged with the responsibility on how an end will be drafted for the benefit of proper and adequate free flow of activities particularly in the growing economic sector. We believed that the act of fraud can be identified and as such a sophisticated approach will be put in place in detecting and controlling the act. As fraud attempts grow in both number and variety, financial institutions are challenged with the need for comprehensive, yet cost effective, risk management solutions. It is our belief that these fraudulent or suspicious financial transactions can be identified, characterized and red flagged in real-time providing vital information to reduce their occurrences. For e.g. a check deposit followed almost immediately by cash withdrawal would be a suspicious activity and warrant a red flag to check the customers motives. [7]. Banking databases with all the transaction information is readily available. We use this information coupled with our business logic to detect fraud and to develop the real time fault detector as security guard. [7] One can now agree to say that fraud is the greatest enemy of development in the world as it takes away the existing confidence a client or customer would have in any business. The banking sector in this regards will be our major point of discussion, grooming in the direction of the Automated Teller Machines (ATM) in making operations such as Electronic Data Processing (EDP) and Electronic Fund Transfer (EFT). Furthermore, in controlling fraud in our Banks, customers will have to provide more security driven answers to enable the system escape some existing forms of fraud through Banks. Customers information will be data-mined to their respective accounts as to make a correction and fill all probable loop-holes that expose them to danger. OBJECTIVE: The objective is to examine the existing system and detect fraud and make up some alternative measures to reduce/control the acts of Fraud in the banking sector especially through Automated Teller Machines (ATM) by combining the PIN and bio- metric operations to grant access to only legitimate holders of account. FRAUD FORMS IN BANKS Fraud is today considered as the most lucrative way for most perpetrators of the act, it is the worse enemy to all forms of development in the world, frauds takes different forms and here we will try to identify some common ones among many; namely:-

Cheque fraud: - This is one of the most common forms of fraud; it is perpetrated though the use of cheque books where a fraudster steals the cheque book or makes a fake cheque to get money from a customers account without he/her consents. Identity fraud: - the fraud form where an account holder is faked, a fraudster claim to be the legitimate owner of an account by providing some informations claiming to be the legitimate account owner. This is common in institutions where identity cards are not demanded.

Credit/Debit card fraud: - The form that involves making an illegal copy of a user Debit card and casting all information on the card by the use of complicated viruses to store information on their magnetic components of the card. ATM transaction fraud: - A form that is most common via ATM, a fraudster gets your card and pin to disburse money from the ATM, some fraudster gets pin numbers by demanding card holders to provide them with numbers as upgrades and transaction payments. Wire fraud/money transferred fraud: - Phishing is the name given to the operation of sending scam mails demanding a change in the forms of cards and pin. Automatic Debit Scams: - The form of fraud where fraudsters demand you to enter some secret pins on convincing a holder of a prize won, here the fraudster demands bank details to make a transfer of the said won prize. Internal fraud:- A form of fraud where an employee of the bank take part or commit the fraud based on monitoring or intentionally identifying a careless account that is not checked. The staff of the institution steals the fund by transfer or cashing. International fraud/fund diversion: - A growing global economy has made it possible to make cross-border transactions and as such most of which needs the internet and computer communications to make this; malwares and complicated viruses are designed to steal private account information. Pin fraud:- Pin (Personal Identification Number) fraud is the form of generating an account holders pin number to gain access into his/her account, this is done by great experience fraudsters by generating an automated computer codes(program) that test and check for the combination that grant them the liberty of stealing funds. Economic hardship fraud:- Deposit fraud and check kiting Non-sufficient funds with no intent to repay Identity theft False fraud claims consumers stating fraud on their account when they were the ones who made the purchases. [9] [2]

FURTHER CATEGORIES OF BANK FRAUD Bank frauds may be further categorized into three, namely: - Fraud by flow, by victims and by act. [2] Flow frauds: - are categories classified based on the frequency and value involved; it includes i.) The smash and grab: not popular but high in value over time. ii.) Drip: Large in number, but small in value and repetitive over a long period. Victims fraud: - Classified based on the people affected by the fraud nature i. ii. Against the institution, where the bank suffers the loss. Against the Outsider/ holder, where the victims are customers.

SUSPECTED FRAUD ACTIVITIES Listed below are some fraud prone activities that could demand carefully checking and ensuring the activity is not fraud connected 1. If check deposit is closely followed by cash withdrawal within say 10 hrs. 2. If transaction type is above a specified number in 48 hours. 3. If active more than one session at the same time (concurrency). 4. If trying to withdraw more money than the limit in credit. 5. If trying to withdraw more money than the amount in debit. 6. If trying to log on for more than 3 times at once. 7. If any transaction is more than 80% credit limit in 48 hours (one transaction or sum or transactions in the 48 hour period). 8. Deposit activity out of the normal range for any account 9. Invalid Routing Transit numbers 10. Excessive numbers of deposited items 11. Total deposit amounts greater than average 12. Large deposited items masked by smaller deposit transactions 13. The amount exceeds the historical average deposit amount by more than a specified percentage 14. A duplicate deposit is detected 15. Deposited checks contain invalid routing or transit numbers 16. The level of risk can be managed based on the age of the account (closed account getting lot of transactions suddenly). 17. The number of deposits exceed the normal activity by the customer 18. Consider the proximity of the customers residence or place of business 19. A customers home/business telephone is disconnected. 20. A customer makes frequent or large transactions and has no record of past or present employment experience. 21. A customer uses the automated teller machine to make several bank deposits below a specified threshold. 22. Wire transfer activity to/from a financial secrecy haven, or high-risk geographic location without an apparent business reason, or when it is inconsistent with the customers business or history. 23. Many small, incoming wire transfers of funds received, or deposits made using checks and money orders. Almost immediately, all or most are wired to another city or country in a manner inconsistent with the customers business or history. 24. Large incoming wire transfers on behalf of a foreign client with little or no explicit reason. 25. Wire activity that is unexplained, repetitive, or shows unusual patterns. 26. Payments or receipts with no apparent links to legitimate contracts, goods, or services. 27. A customer who purchases a number of cashiers checks, money orders, or travelers checks for large amounts under a specified threshold. 28. Money orders deposited by mail, which are numbered sequentially or have unusual symbols or stamps on them.

29. Suspicious movements of funds from one bank into another, then back into the first bank: 1) purchasing cashiers checks from bank A; 2) opening up a checking account at bank B; 3) depositing the cashiers checks into a checking account at bank B; and, 4) wire transferring the funds from the checking account at bank B into an account at bank A. 30. A rapid increase in the size and frequency of cash deposits with no corresponding increase in non-cash deposits 31. Significant turnover in large denomination bills that would appear uncharacteristic given the banks location. [7] If any among the highlighted points is discovered to be associated, then a thorough investigation needs to be initiated to free the account from fraud and related illegalities.

AUTOMATED TELLER MACHINE (ATM) In 1967, the first ATM was put in use in Britain which gave birth to its installation in countries like Sweden, Japan, Germany, Canada and the United State of America in 1969 and put in use. From 1970 through early 80s, the number grew at an expected speed rate as the Western Europe and Asia-pacific regions equipped their transactions and businesses with ATMs. In 1989, the total number of machines installed was ranging 250,000 and 300,000. Later in the 1990s, the figure increased to an appreciating 500,000; this was justifiable and reliable as time travels trough millennium, the number of ATMs installed rose to exceed 1,000,000 units. Based on findings, by the end of 2003, the total number of machines has hit the mark of 1.35 million and further predicted to be above 2 million by the year 2010. [9] Automated teller machines (ATM) automates many financial transactions including deposits, withdrawals, account transfers, balance requests, phone units recharge and potentially loan payments. The machine holds a fixed amount of cash in bills from which a user can withdraw based either on current value of his or her account or on credit [6]. This machines are relatively strong iron protected frame cases stationed in banking halls, supermarkets, recreational sites and vital locations for easy accessibility to user accounts during and after working hours. Certain constraints are always faced by account holders such as the rigor of travelling to sites and towns where the accounts are domicile; but the ATMs address these constraints by allowing banks to operate beyond their branch network which can reduce the cost of servicing rural clients and the cost to clients of accessing their accounts.

Fig 1: Typical image of the ATM [6]

Operations on the ATM system is started by demanding the account holder/ user to insert his card into the provided card slot, after which the user is required and prompted to input the pin (Personal Identification Number) and as such the business will check to make sure the user can be granted the stage of accessibility after authorization [9]. ATM can be said to have two input areas from the mechanics point of view which are the card reader and the keypad area and four output devices namely :- the Speaker, Screen (Monitor), Cash dispenser and the receipt printer. Not visible to the user/ card holder is a communication mechanism that links the ATM directly to the machine host network that communicates directly to the server in the banks [6]. Here we will be looking at a more sophisticated approach to incorporate greater accessibility options via thumb print capture (bio-metric) for security reasons as regarding issues of fraud on the system. The machine on satisfying the authentication process, it forwards the card details to the host processor, which now routes the information to the financial institution concerned. If the request is cash driven, the host processor signals for Electronic Fund Transfer (EFT) from the account. Once the funds have been transferred electronically, the ATM receives an approval code authorizing the dispenser of the cash in question. The authorization is the most sensitive at this point making the commit in the bank and verifying all primary information of the user account details, balance, and all reports generation for tracing and printing of the bank statements on routine or demand.

Below is a simple diagrammatical illustration of the ATM transaction

Fig 2: ATM Transaction Source [6]

Fig 3: Inside ATM transactions Image Source [6]

ATM FRAUDS: Automated Teller Machine frauds are illegalities connected to the businesses and operations on ATMs. This includes acts such as identity theft, pin misplacement, card theft, password hacking and electronic fund transfer etc. Research has shown that with the advent of good technological means, fraudster just need to send scam mails demanding card information and pins to exhibit the task of fraud on ATM. The Identity Theft Assistance Center (ITAC) reports that security breaches are up 47 percent since 2004, with most approaches from cybercrime costing approximately $100 billion in the U.S. annually and expected to increase. A Web site that tracks and posts security

breaches, InsideIDTheft.info, reports that in the last five years, approximately 500 million records containing personal identifying information of U.S. residents stored in government and corporate databases were either lost or stolen. The ubiquity of electronic payment transactions and the emergence of a global e-commerce economy offer criminals lots of opportunity to perpetrate fraud. [39] ATM frauds are very difficult to detect even with the help of the embedded photo capturing tool, so therefore the best way to detect fraud via ATMs is by having all accounts connected to mobile phones and making real-time alerts of the time and location of the transaction. Alternative way to checkmating ATM frauds also can be devised as stationing most ATMs in security close sites e. g Police Stations, banking premises etc. Findings revealed that most ATM frauds are through pin generation and card theft, so we are proposing a new design for the ATMs so as to combat the issue of pin generation which is definitely easy as it only involves the combination of four (4) digits among the ranges of 0-9 (Numeric). DETECTING AND CONTROLING ATM FRAUD Frauds on ATM are only detected by financial statements due to the fact that fraudsters have derived a way and form of cancelling an alert on the operations of fund/ cash transfer and theft from accounts. A vital way to control this ill problem will be to deny the fraudster the right of access and authentication from the initial stage so that even when the card is counterfeited, the access code and thumb print will be the tog of war for the fraudster. This proposed thought will take us to the concept of the algorithm for our new system. Also we can check to control the occurrences though some findings as suggested by First data white paper [39]to boost the security: For Internet banking (online) Customers should be trained and enlightened about checking their balances on regular basis so as to provide faster fraud detection. Customers should go paperless-Without traces of paper such as transaction receipts, pin activation letter and bank statements, fraud in such direction could be checkmated (Over 30 percent of identity theft is perpetrated by someone close to the customer) So proper shredding should be adopted. Consumer selected notifications E-mail or text message notification for address changes, transactions and account changes provides another layer of defense. PIN change options Customer-specified designation of PIN change options (e.g., via the phone, at an ATM, online) maintains security and provides choice. Card activation options Providing options to automate or speak with an agent of the bank will be more secured than activating via internet or machine.

 Account lock options Customer options to lock their accounts from specific transaction types (all transactions, international, e-commerce, etc.). By providing authorization denial strategies to customers, financial institutions are deputizing their customers to maintain their accounts. Interactive text message capability Provides a process that will enable customers to confirm, before the authorization is approved, that the transaction is legitimate. One-time use text password for online banking access Provides customers the ability to authenticate that they are on the financial institutions Web site and not being directed to a criminal Web site

PROPOSED ALGORITHM 1. Accounts should be opened to individuals with necessary information of thumb print capture. 2. A secret question should be asked about the account holder. 3. The new account should be mined to the provided information at the initial stage of the opening. 4. Customers should be demanded to change their pins on collection of cards. 5. All transactions should be started by inputting the pin and thumb print. 6. On logging out the card withdrawal should free the data capture that was linked with the account during operation. NEW ATM MACHINE As history will have it, Japan has produced a more sophisticated ATM machine through Fujitsu by including vital functionalities ranging from: - Bilingual options, clearer visibility on display screen for the elderly, voice instruction service for people with disability either through sight or otherwise, handset embedded tool, etc. [4]. To actualize the dreams of filling an ATM request form, a provisional section for thumb print sign should be added to the form. See a sample of the existing form below:-

Source: [28] The new design of the ATM machines forms should provide a provisional increase in the input devices to include the finger print capture area. 1. The new ATM machine should also be designed in such a way that users and customers on wheel chairs could access their accounts without sending someone to type or make transaction for them. 2. The new machine should also have a standing leaning pole for the users and customers that could stand for few seconds by gripping a pole.

FINGER PRINTS Fingerprints had been used as source of identification since the T'ang Dynasty in China, and in 8th century Japan--a thumbprint could suffice for a signature on legal documents. The first crime solved using fingerprints is sometimes stated to be a murder case that occurred in ancient Rome, where a bloody handprint was later found to be the match for the killer. Later, Western awareness of the possibilities of fingerprinting first came to notice in 1684 with a lecture given by British doctor Nehemiah Grew, who spoke on the ridge patterns of fingerprints. Two years later, Italian physician Marcello Malpighi wrote a treatise describing the ridged patterns. Their interests ended for over a hundred years; in 1823 Johannes Evangelist Purkinje wrote his doctoral thesis for the University of Breslaw that divided fingerprints into nine different types. Further studies took over and gave rise to the bases of what we have as a promising security guided bridge against fraud.
[17][20][26][27].

Finger prints are the unique curves and curl lines on our hands and toes, it has been observed from studies that each individual has a distinct and unique curves as ridges; this means it can be used as a medium for security and identification to our system. Surprisingly, there are only seven different forms of the prints namely: - Arch, Tent arch, Mixed, Loop, Double loop, Pocked loop and Whorl. As we have only seven forms, no two persons have the same finger prints and as such it makes it a great asset for security building and making our proposed system security buoyant and sophisticated. The only possible difficulty that poses at the finger print capturing tool will be for the customers working in heavy mechanics or burn prone industries where the ridges can be damaged as a result of fending for their daily breads making it extremely difficult for capture. This will make the score assigned to be low on result of capture.

PROBABLE CHALLENGES Inefficiency or poor management: If the management or institutions are poor in management, then it can never be fully achieved. Lack of adequate controls can open the door to theft and/or fraud: ATMs require a high degree of additional control beyond the existing one. Institutions need to make sure they are able to track funds that have been deposited into the ATMs but not yet accounted for in central accounts as fraud or errors may be involved with the deposit. Service providers can supply institutional support to fully integrate controls. Lack of understanding of client demand for and willingness to adopt ATMs can lead to failed implementation. When initiating new technologies such as offering financial services through ATMs, institutions must be prepared to educate clients on the benefits and train customers on the use of the new technology. Failing to do so can reduce adoption rates and/or lead to a rejection of the technology by the targeted clients. Failure to adequately consider the implications of ATMs on the business financial and operational performance. If financial service providers do not fully calculate the cost of the ATMs on the institution (purchase, installation, maintenance, staff and client training, new controls) it will be unable to understand the cost-benefit of using the new machines and could end up with a poor investment. Depersonalizing services can alienate clients. Clients are often relationship oriented and enjoy interaction between the staff of the institution during transactions. These transactions build trust and familiarity while automating processes can depersonalize services and alienate clients. This must be considered and adequately planned for when switching from highly personalized services to automated transactions. [6].

CONCLUSION AND RECOMMENDATION In conclusion, Automated Teller Machines (ATM) should be designed with more security enabled facilities so as to put an end to the frauds attributed to the banking sector via the machine. The engineers should put into consideration while making the design the problem of queuing and timing so that the system will not be slow and frustrating. We recommend that countries like Nigeria and other African neighbors should adopt the machines used in Japan which were designed by Fujitsu so as to control the menace of fraud in the African continent.

REFERENCES 1) Alfa- Banks, ABPC banking technologies report. Modern Fraud Prevention from a Banks Point of View. (2009) An Assessment of Fraud and its Management in Nigeria Commercial Banks. Abiola, Idowu, European Journal of Social Sciences Volume 10, Number 4 (2009). An Empirical Study of Automated Teller Machine Service Quality and Customer Satisfaction in Pakistani Banks. Muhammad Asif Khan. European Journal of Social Sciences Volume 13, Number 3 (2010) Atawa et al. Promoting Universal design for Automated teller machine, (2006). Fujitsu Sci. Tech ATMIA ATM Industry association, GASA talking points (2006) ATMs Tech Briefs, Rural Agricultural Finance Specialty Topic Series USAID (2008) Automatic teller machines - User access (1990) www.inforstore.saiglobal.com/store CGAPIT Innovations www.cgap.org/publications/microfinance_technology.html China ATM (Automatic TellerMachine) Market Report, (2008) http://www.researchinchina.com Emergence and Evolution of ATM Networks in the UK, 1967-2000. Bernardo Btiz-Lazo (2008) https://lra.le.ac.uk/bitstream/2381/8163/1/ATM_v7_wtables.pdf Series

2)

3)

4)

5) 6) 7)

8)

9)

10)

11)

FACT-V: Universal Access and Quality of Interaction for Automatic Teller Machine (ATM), Iwao Kobayashi1, Et al. (6th ERCIM Workshop, Italy (2006)) Fraud Detection and Banking Transaction Project (FDBT) main report (2008).

12)

13)

The Encryption Technology of Automatic Teller Machine Networks Shun Wong April 2nd, Software engineering winter conference ( 2005) http://www4.ncsu.edu/~kksivara/sfwr4c03/projects/4c03projects/SFWongProject.pdf

14)

http://globalnetcommerceinc.com/pdf/white_papers/white_paper_wireless_ atms.pdf http://www.academic.marist.edu/~jzbv/SoftwareDevelopment/ATMExamp le.html http://www.accessexcellence.org/RC/AB/BA/DNA_Fingerprinting_Basics. php http://www.fbi.gov/hq/cjisd/takingfps.html http://www.worsleyschool.net/science/files/finger/prints.html http://www.patentstorm.us/patents/7575166/description.html http://www.worsleyschool.net/science/files/finger/prints.html http://www.edcampbell.com/PalmD-History.htm http://www.uscis.gov/portal/site/uscis/menuitem.eb1d4c2a3e5b9ac89243c6 a7543f6d1a/?vgnextoid=b6629c7755cb9010VgnVCM10000045f3d6a1RC RD&vgnextchannel=b6629c7755cb9010VgnVCM10000045f3d6a1RCRD

15)

16)

17) 18) 19) 20) 21) 22)

23)

http://www.crimeandclues.com/index.php/physical-evidence/fingerprintevidencehttp://www.thenakedscientists.com/HTML/articles/article/dalyacol umn8.htm/ http://ridgesandfurrows.homestead.com/

24)

25) 26) 27) 28) 29) 30) 31) 32) 33)

http://www.essortment.com/all/fingerprinthist_rmmv.htm http://www.essortment.com/all/fingerprinthist_rmmv.htm http://www.dltk-kids.com/crafts/miscellaneous/fingerprint_characters.htm http://www.housingfinance.co.ug/files/Swift%20Cash%20Form.pf http://www.cyberbee.com/whodunnit/fp.html http://www.neurotechnology.com/ http://onin.com/fp/fphistory.html http://www.neurotechnology.com/verieye-technology.html#algorithm https://lra.le.ac.uk/handle/2381/8163

34) 35)

http://www.neurotechnology.com/verieye_sdk.html#sdk_content http://www.neurotechnology.com/verifingertechnology.html#algorithm

36)

Improving Payments Fraud Detection and Prevention: ACI Proactive Risk Manager with IBM System 10 (2008) http://www.ibm.com NetEconomy U.S.A. The Need for Back-end Fraud Detection and Prevention. August (2007)

37)

38)

Risk Management and Fraud Solutions. A first Data white paper, Krista Tedder (2009) Success story: Fraud. http://www.fico.com VeriSign Identity Protection (VIP), Fraud Detection Service ATM Module. Datasheet (2010) http://www.verisign.com

39)

40)