Security of ATM Using Digital Image Processing Avni Mittal 1, Shubhani 2, Sarika Tyagi 3 Department of Computer Science and Engineering Raj Kumar Goel Institute of Technology for Women Ghaziabad, India 1 avnimittal.rkgitw@gmail.com, 2 shubhi.garg8@gmail.com, 3 sarikatyagi@rkgitw.edu.in Abstract By the birth of the Automatic Teller Machines, banking became a lot easier but with its own troubles of insecurity. ATM systems today use access card and PIN for identity verification. The advance trend of biometric identification techniques, including finger printing, retina scanning, and facial recognition has made a great efforts to save the unsecured situation at the ATM. This paper looked into the development of a system that combines the facial recognition technology into the identity verification process used in ATMs.The development of such a system would help to protect consumers and financial institutions from intruders and identity thieves. This paper proposes an automatic teller machine security model that would combine a physical access card, a PIN, and electronic facial recognition. However, it obvious that man s biometric features cannot be replicated, this proposal will go a long way to solve the problem of Account safety making it possible for the actual account owner. hence by seeing an urgent need for improving security in banking region the proposed software can help. Index Terms ATM, digital image processing, face, PIN, security. 46 I. INTRODUCTION Nowadays people don't even think twice about using ATMs. But how many people actually think about the security risks involved in using them? How many people think about the potentials for fraud and crime that ATMs introduce? The answer is probably not many, since these transactions are so common now. But as the use of ATMs is on the rise, so is the number of crimes involving ATMs. A. PROBLEMS FACED More recently and even more to the point is another story that was written about in the Reno Gazette- Journal on November 6, 1990. The headline reads "Reno bank job nets $740,000". The criminals in this story involved one insider who worked for Wells Fargo Armored and ATM Repair Service and four other people. The insider was newly hired by Wells Fargo and was part of a team that delivered the $740,000 to the ATM for storage on October 24, 1990. Later that day, the alarm for the ATM was triggered. But when the police came, they didn't see any signs of entry and they left. The alarm was reset by the bank, and the next morning the money was discovered missing. A specific key and combination was needed to gain entry, so the investigation focused on Wells Fargo employees. In the end, the FBI was able to recover little less than half of the money, but there was still $350,000 missing. Since both a specific key and a combination was needed, how did one employee have access to both? What happened to dual access control? Did it fail in this instance? Or was it never in place? Or is dual access control a result of crimes like these? Because ATMs are a part of our daily lives by allowing us access to cash and other financial information, it's important that we understand the security risks and the measures in place to protect our money. Along the same lines, it's important that we understand the security measures around tellers. Afterall, they are the ones who have access to all the account information in the database and access to a potentially large sum of paper money. They have financial histories at their fingertips. They enter in transactions for the customers. Is there some way fraudulent transactions could be entered? Is there any way that money could be skimmed? What measures are in place to protect us from the tellers who are behind the counters? Not only do we have to consider security from the tellers, but security of the tellers. Precisely because they do have access to large sums of cash and financial information, what danger does that put them in? What measures are in place to protect the tellers
from bank robbers? These are some of the questions that I would like to address in this paper. II. IMPORTANCE OF SECURITY IN ATM There ATMs make life easy. You can get cash in less than a minute from almost anywhere. However, attacking ATMs is "more lucrative than drugs" according to Diebold's Chuck Somers, who summarizes the three major ATM threats for BankInfoSecurity.com: Physical, or stealing the cash from an ATM Logical, or the installation of malicious software, and Fraud, or using fake cards and stealing card details in skimming scams The threat of getting your card skimmed is the greatest one and continues to increase -- scammers get easy access to cash, and the stakes are low if they get caught. As skimming devices get harder and harder to detect, it's more and more important to bank at ATMs you trust. Machines at bank branches can be attacked, but they're less risky than machines out on the street. If you're cavalier about where you use the ATM, be sure that you regularly check your accounts for unusual activity. Default password disabled to avoid unauthorized c access. Timely reconciliation of cash loading with ATM Till account Surveillance through physical monitoring and CCTV cameras 2 )About Cards Strong algorithms are used in generating PANs Storage of card details is done on protected systems Card details (such as PAN, expiry date) are jealously guarded. While communicating, PAN is masked Strong Encryption is used when transferring files especially, between TPP and Issuer Magnetic stripe type is outlawed in some countries to avoid card cloning. Some restrictions are placed on cards in terms of allowable transactions and withdrawal limit 3) About PIN Where PIN mailers are used, they are not dispatched at the same time with the cards and usually through a different medium. PIN selectable options are used to prevent insider compromise PINs are masked during usage against shoulder surfing. A. Present measures taken for security Considering the volume of transactions being processed by several branches of a commercial bank, proper control in Form the identification and authentication should be in place.several control measures have been put in place to ensure interests of all concerned parties such as issuers, acquirers, third party processors, switching companies and cardholders are protected. Some of the controls in place include: 1) About ATM Well lit up to discourage shady deeds at night Fortified with camera for footage Keypad protector against key logger and shoulder surfing Dual control of physical access to the machine 47 III. DIGITAL IMAGE PROCESSING An image may be defined as a two-dimensional function, f(x, y), where x and y are spatial (plane) coordinates, and the amplitude of at any pair of coordinates (x, y) is called the intensity or gray level of the image at that point. When x, y, and the amplitude values of f are all finite,discrete quantities, we call the image a digital image. The field of digital image processing refersto processing digital images by means of a digital computer. Note that a digital image iscomposed of a finite number of elements, each of which has a particular location and value.these elements are referred to as picture elements, image elements, pels, and pixels. Pixel is theterm most widely used to denote the elements of a digital image. Vision is the most advanced of our senses, so it is not surprising that images playthe single most important role in human perception.
However, unlike humans, who are limited to the visual band of the electromagnetic (EM) spectrum, imaging machines cover almost the entireem spectrum, ranging from gamma to radio waves. They can operate on images generated bysources that humans are not accustomed to associating with images. These include ultra-sound,electron microscopy, and computer-generated images. Thus, digital image processingencompasses a wide and varied field of applications. There is no general agreement amongauthors regarding where image processing stops and other related areas, such as image analysisand computer vision, start. Sometimes a distinction is made by defining image processing as adiscipline in which both the input and output of a process are images. We believe this to be alimiting and somewhat artificial boundary. federal, state and local governments, in the military, and in commercial applications. Enterprise-wide network security infrastructures, government IDs, secure electronic banking, investing and other financial transactions, retail sales, law enforcement, and health and social services are already benefiting from these technologies. A. How Biometric System Works? In biometrics a series of steps are followed to get the aimed goal, the steps are as shown in the figure below : Sensor : A sensor collects data and converts the information to a digital format. Signal processing algorithms : This is where quality control activities and development of the template takes place. Data Storage : Keeps information that new biometric templates will be compared to. Matching algorithm : Compares the new template to other templates in the data storage. Decision process: Uses the results from the matching component to make a system level decision. B. Types of Biometrics 1) Finger scan: Finger-scan biometrics is based on the distinctive characteristics of the human fingerprint. Fingerprints are used in forensic applications: large- scale, one-tomany searches on databases of up to millions of fingerprints 48 IV. Fig-1 Steps of DIP BIOMETRICS The Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic. Among the features measured are face, fingerprints, hand geometry, handwriting, iris, retinal, vein, and voice. Biometric technologies are becoming the foundation of an extensive array of highly secure identification and personal verification solutions. As the level of security breaches and transaction fraud increases, the need for highly secure identification and personal verification technologies is becoming apparent. Biometric-based solutions are able to provide for confidential financial transactions and personal data privacy. The need for biometrics can be found in 2) Retina scan: Retina scan requires the user to situate his or her eye with ½ inch of the capture device and hold still while the reader ascertains the patterns. Retina scan is designed to use in military facilities, logical security applications such as network access or PC logic 3) Iris scan : The iris has colored streaks and lines that radiate out from the pupil of the eye. The iris provides the most comprehensive biometric data after DNA. The iris has more unique information than this. 4) Hand Geometry :This is one of the first succesful commercial biometric products.a person places their hand on a device and the system takes a picture of the hand using mirrors,then measures digits of the hand and compares to those collected at enrollment.
C.. Facial Scan Masked The first and most important step of this project will be to locate a powerful open-source facial recognition program that uses local feature analysis and that is targeted at facial verification. This program should be compliable on multiple systems, including Linux and Windows variants, and should be customizable to the extent of allowing for variations in processing power of the machines onto which it would be deployed. We will then need to familiarize ourselves with the internal workings of the program so that we can learn its strengths and limitations. Simple testing of this program will also need to occur so that we could evaluate its effectiveness. Several sample images will be taken of several individuals to be used as test cases one each for account images, and several each for live images, each of which would vary pose, lighting conditions, and expressions. Once a final program is chosen, we will develop a simple ATM black box program. This program will serve as the theoretical ATM with which the facial recognition software will interact. It will take in a name and password, and then look in a folder for an image that is associated with that name. It will then take in an image from a separate folder of live images and use the facial recognition program to generate a match level between the two. Finally it will use the match level to decide whether or not to allow access, at which point it will terminate. All of this will be necessary, of course, because we will not have access to an actual ATM or its software. Both pieces of software will be compiled and run on a Windows XP and a Linux system. Once they are both functioning properly, they will be tweaked as much as possible to increase performance (decreasing the time spent matching) and to decrease memory footprint. 49 V. PROPOSED WORK Locate a powerful open-source facial recognition program that uses local feature analysis and that is targeted at facial verification. (should be compliable on multiple systems, including Linux and Windows variants, and should be customizable to the extent of allowing for variations in processing power of the machines onto which it would be deployed) then we need to familiarize ourselves with the internal workings of the program so that we can learn its strengths and limitations. Simple testing of this program will also need to occur so that we could evaluate its effectiveness. Once a final program is chosen, we will develop a simple ATM black box program. 1) DATA ACQUISITION: Several sample images will be taken of several individuals to be used as test cases one each for account images, and several each for live images, each of which would vary pose, lighting conditions, and expressions. 2) INPUT : It will take in a name and password, and then look in a folder for an image that is associated with that name. It will then take in an image from a separate folder of live images and use the facial recognition program to generate a match level between the two. 3) FACE IMAGE CLASSIFICATION : Finally it will use the match level to decide whether or not to allow access, at which point it will terminate. Fig-2 Use of DIP in ATM A. DATA ACQUISITION The input can be recorded video of the speaker or a still image. A sample of 1 sec duration consists of a 25 frame video sequence. More than one camera can be used to produce a 3D representation of the face and to protect against the usage of photographs to gain unauthorized access B. INPUT PROCESSING A pre-processing module locates the eye position and takes care of the surrounding lighting condition and colour variance. First the presence of faces or face in a scene must be detected. Once the face is detected, it must be localized and Normalization process
VI. 50 may be required to bring the dimensions of the live facial sample in alignment with the one on the template. C. FACE IMAGE CLASSIFICATION The appearance of the face can change considerably during speech and due to facial expressions. In particular the mouth is subjected to fundamental changes but is also very important source for discriminating faces. So an approach to person s recognition is developed based on patiotemporal modeling of features extracted from talking face. Models are trained specific to a person s speech articulate and the way that the person speaks. D. DECISION MAKING Face recognition starts with a picture, attempting to find a person in the image.the face recognition system locates the head and finally the eyes of the individual. A matrix is then developed based on the characteristics of the Individual s face. The method of defining the matrix varies according to the algorithm This matrix is then compared to matrices that are in a database and a similarity score is generated for each comparison RELIABILITY AND ADVANTAGES A. RELIABILITY It requires no physical interaction on behalf of the user. It is accurate and allows for high enrollment and verification rates. It does not require an expert to interpret the comparison result. It can use your existing hardware infrastructure, existing cameras and image capture Devices will work with no problems It is the only biometric that allow you to perform passive identification. B. ADVANTAGES The avantages are as follows- 1) Deliver a practical and workable solution that addresses the requirements of the regulatory authorities. 2) Limit the financial risks given that they were forced to take responsibility for financial loss [rather than being allowed to pass this on to the account-holder] 3) Provide a framework that still allowed for high withdrawal limits to cater for the demands of a cashfocused customer base 4) Take societal responsibility to reduce rising levels of crime that were associated with cash-card transactions 5) Increase customer satisfaction 6) Different charges for transactions given that the transaction takes place in a more secure manner 7) Higher withdrawal and transaction limits 8) Peace of mind given the higher level of security applied to the account VII. CONCLUSION We thus develop an ATM model that is more reliable in providing security by using facial recognition software. By keeping the time elapsed in the verification process to a negligible amount we even try to maintain the efficiency of this ATM system to a greater degree. Biometrics as means of identifying and authenticating account owners at the Automated Teller Machines gives the needed and much anticipated solution to the problem of illegal transactions. In this paper, we have tried to proffer a solution to the much dreaded issue of fraudulent transactions through Automated Teller Machine by biometrics that can be made possible only when the account holder is physically present. Thus, it eliminates cases of illegal transactions at the ATM points without the knowledge of the authentic owner. Using a biometric feature for identification is strong and it is further fortified when another is used at authentication level. VIII. REFERENCES [1] Adeoti, J. (2011). Automated Teller Machine (ATM) frauds in Nigeria: the way out. [2] Adini (2010). Nigerian banks look to biometric ATM machines to reduce fraud. [3] Identifiers for Digital Identity Management [4] Bhargav-Spantzel A., Squicciarini A., Bertino E.Kong X & Zhang W.(2010). Biometrics- Based. [5] Consultative Group for International Agricultural Research, CGIAR (2009). Network user
identification and authentication good practice guide. [6] Das, S. & Debbarma, J.(2011). Designing a biometric strategy (fingerprint) measure for enhancing ATM security in India e-banking system. International Journal of Information and Communication Technology Research vol 1 no 5 p 197-203. [7] Devinaga, R. (2010). ATM risk management and controls. European journal of economic, finance and administrative sciences. ISSN 1450-2275 issue 21.. [8] George Webster (2010). Biometric ATM gives cash via facial recognition scan. [9] Heather Crawford (2011). Applying Usable Security Principles to Authentication. [10] Jacobs, B. & Poll, E. (2010) Biometrics and Smart Cards in Identity Management [11] Researchers at MIT, Baback Moghaddam and Alex Pentland, and one a commercial product from Identix called FaceIt [12] PROVIDING Security for ATM s Using Digital Image Processing for Abnormal Incident detection G.Himaja, B.Rambabu, B.Malakonda Reddy [13] Facial Verification Technology for Use In Atm Transactions Aru, Okereke Eze, Ihekweaba Gozie. 51