Symbol and IoT: joint frontier for secure payments
In our article about how Symbol can secure the use of credit cards around the world, we focused on the growing problem of card skimmers placed in gas/petrol pumps.
We have explained how Symbol works in conjunction with IoT devices to maintain a constantly updated immutable record of the condition of gas/petrol station pumps. These records can be easily accessed by gas station owners, pump operators, and even consumers. This allows customers to use pumps with confidence, knowing that the point of sale systems are being securely maintained.
A similar process can be applied to Automated Teller Machines (ATMs). Thieves also target ATMs using the same methods applied to skim cards at unmanned gas pumps. Even though we are evolving to a digital and card based society where the majority of transactions will be performed digitally and online, approximately 20% of all money in circulation will be processed via cash and ATMs. As a result, we will now outline how Symbol supports the use of sophisticated security protocols to prevent ATM fraud.
According to Statista, the number of attacks on ATMs in Europe was close to 20,000 in 2019, with the losses incurred during these attacks amounting to around 250 million Euros in 2019.
What is ATM fraud?
ATM fraud generally involves the use of card skimmers and shimmers, with the same skimming techniques being used for gas/petrol station pumps and ATMs. Thieves place small devices on or inside ATMs that are able to capture the details stored in the card’s magnetic stripe or card chip, and the skimmer sends the data via SMS or Bluetooth to a waiting phone or laptop.
ATM fraud is often more sophisticated than gas/petrol pump fraud as thieves can opt to place identical copies of external covers, keypads, and card readers over ATMs which makes any tampering extremely difficult to detect. These covers can contain a magnetic strip reader, while the keypad can be used to capture PIN numbers. In addition, criminals also place cameras over the keypad to identify any numbers being pressed.
However, thieves are also increasingly employing the use of shimmers, which can even read the details of chip-based cards. Shimmers are smaller than skimmers, and can in fact fit inside an ATM’s credit card reader. This makes it very difficult to spot any tampering.
Regardless of the method used to gain consumers’ card details, the stolen information goes towards the creation of cloned cards which are used in fraudulent transactions.
How can Symbol and IoT solve this problem?
Symbol combines with IoT devices to secure gas/petrol station pumps, vending machines, and ATMs.
Symbol has a strategic partnership with IoDLT, which is an innovative business to business (B2B) tech company merging blockchain and IoT technology. The company offers a unique “IoT Skin” solution which covers the entire ATM, and can also be used inside the machine cabinet and card reader.
The IoT Skin acts as a smart cover and monitors its environment. It has the ability to note and act on any changes. The skin is supplemented by an IoT monitoring device placed inside the ATM.
The skin can detect changes to the ATM and whether objects have been placed over the keypad or near the card reader for extended periods. When this happens, the ATM’s monitoring device notifies the owner of the change which allows for the quick examination of the ATM.
This system also has the ability to differentiate between normal usage, and recognises when people are using the ATM, even for extended time periods.However, any items being left on the ATM will trigger a notification. For example, the bank staff will be notified if gum is left on a machine for over three minutes.
This solution incorporates a smart lock and magnetic reed sensor to further strengthen the ATM to ensure that the machines are only opened by verified individuals.
Symbol remains central to these operations as everything recorded by the skin and monitoring device is transmitted to Symbol and logged on the blockchain. This creates an immutable record on the security status of any enhanced ATM which is available 24/7.
Further, a scannable NFC or QR tag placed close to the machine allows users to easily check on the condition of any ATM.
This real-time monitoring system records all interactions and logs any suspicious activity, scheduled checks, and machine usage. Any ATM considered to be safe is labelled as such on the blockchain, allowing customers to use it with full confidence that their card details will not be stolen.
Enhanced ATM maintenance and veriﬁcation
In addition to monitoring the security status of ATMs, Symbol supports controlled access to each machine and ensures that only qualified individuals are able to modify any part of a machine. Once again, the Symbol tech stack is perfectly suited to these activities via the use of Mosaics, Namespaces, and Aggregate Bonded Transactions or Smart Contracts.
Similar to the process which works to secure gas/petrol station pumps, a company or organization can create a unique Symbol domain or namespace. This namespace can never be used by another person or entity and allows for the creation of an on-chain, non-transferable certificate, or Symbol mosaic.
Every qualified ATM operator must own a mosaic certificate, and Mosaic Restrictions features allow for specific restrictions to be set and applied to each certificate. These can include limiting verified ATM access to specific locations within certain timeframes. The restrictions act as network-wide rules that apply to each operator and define when and where they are allowed to service machines.
The maintenance process is further enhanced by the use of one-time smart contracts or Aggregate Bonded transactions. The ATM owner and ATM operator can generate a smart contract prior to an ATM being serviced. This contract can contain the location of an ATM as well as set timeframe for maintenance, and a secret, encrypted code that the IoT device inside the ATM will ask for as part of the authentication process.
The IoT device will check the operator certificate, secret code, and account metadata concerning locations and timeframes agreed upon in the smart contract. The smart lock unlocks when this is all confirmed, while the magnetic reaed sensor confirms the opening of the cabinet, and the IoT device logs the interaction as being valid on-chain.
Securing ATMs around the globe
The use of blockchain and IoT technologies modernizes the process of securing and maintaining ATMs, and covers all aspects of cash refills, ATM modifications, and repairs. This system leads to greater trust and transparency for ATM owners and operators, as well as obvious benefits for customers and credit card providers.
The transparency inspires confidence and trust for all ATM users, and significantly diminishes the amount of funds and resources lost to thieves and scammers. This confidence is powered by a Symbol tech stack that combines the use of Mosaics, Namespaces, smart contracts, and API connectivity to facilitate the creation and daily operation of comprehensive ATM security systems.
Symbol can be used to secure ATMs, gas/petrol pumps, and vending machines, and it combines with IoT devices to enable businesses to fence their machines with cutting edge, highly robust security solutions.