Rules for using EMV cards at an ATM

As you know, despite the constant increase in the number of bank cards in circulation, most of the operations performed on bank cards are still cash withdrawal operations. The growth of the number of payment card users is not possible without the development of their service infrastructure, and such a large volume of cash withdrawal operations cannot but push banks to expand their ATM networks.
Currently, in addition to issuing cash, ATMs allow you to pay utility bills, services of mobile operators and television, transfer funds between bank cards, top up your account in cash, accept loan payments and perform currency exchange operations.

ATMs, as a rule, support work with cards of international payment systems (Visa and Master Card – almost always, American Express and Diners Club – less often), and some devices can serve microprocessor cards
By expanding their ATM network, banks solve the following tasks:
* increase the number of points accepting bank cards for service;
* increase the service delivery time by using ATMs operating 24 hours a day;
* expand the range of services offered to customers, constantly expanding the functionality of the ATM;
* reduce the costs of the bank’s retail operations (cash withdrawal, loan payment, cash contribution, etc.) due to full automation of operations;
* increase the revenue part of receipts due to the commission on transactions with cards of “foreign” banks;
* provide the possibility of additional advertising on ATMs.
The main types of devices and their capabilities
The main types of self-service devices widely represented on the market of banking equipment include ATMs (ATM – Automatic teller machine) and information and transaction terminals (information kiosks).
ATMs. A classic modern ATM generally consists of the following components, which ultimately determine its functionality:
Input/output devices. These devices provide the client with an interface for interacting with the ATM when performing a client operation: selecting menu items displayed on the screen, entering data (for example, amounts), confirming the operation, refusing to perform the operation, etc. These devices include: a monitor, a functional keyboard, a cryptographic keyboard (used as a keyboard for data entry). Currently, modern ATMs are equipped mainly with touch-screen monitors, which allow you to abandon the use of a functional keyboard.

Card readers (card readers). The devices are designed to read data from cards with a magnetic stripe, contact and contactless cards of the EMV standard, microprocessor cards of local payment systems (for example, a Savings card or a Golden Crown). The card readers used must be certified by international payment systems.
Security devices. The security devices include a cryptographic keyboard (EPP – Encryption Pin Pad), in which cryptographic keys are stored in a protected memory area, used to encrypt the PIN code entered by the client, as well as to form a MAC signature for an authorization request.

Dispenser. The device is designed for storing and issuing banknotes. The device consists of a mechanism for collecting banknotes from cassettes, a mechanism for feeding banknotes to the client, cassettes in which banknotes are stored for issuance, cassettes for storing banknotes forgotten by the client and banknotes rejected by the dispenser at the time of the collection from cassettes. All cassettes are physically located in a safe integrated into the ATM case.
Cash acceptance module (CashIn module). The device is designed to accept cash banknotes and validate their authenticity.
Printing devices. Printing devices include printers designed to print client documents (receipts and statements), as well as journal printers designed to print information about the actions performed by an ATM (i.e. maintaining a protocol of the device). Large-format printers (A4 format) are used to print statements to the client. Also, according to the mechanism used for printing, printers can be divided into matrix and thermal printers.

Personal computer. All of the above devices are connected to a personal computer. Software is installed on the computer that manages the connected peripheral equipment and implements the business logic of the ATM operation.
Information and transaction terminals. The information and transaction terminal is designed to provide information services to customers and perform simple payment transactions. Unlike an ATM, the configuration of this device does not include a dispenser. Information kiosks have more compact dimensions and a diverse exterior design.

Services provided

ATMs, together with processing centers and payment systems, provide their customers with a wide range of services. At the same time, customers get access to services in self-service mode. Below is a list of the most common operations that can be performed at an ATM:
* cash withdrawal by international bank cards with magnetic stripe, EMV standard cards, cards of local payment systems (including microprocessor cards);
* getting the balance on the card account;
* getting the history of operations on the card;
* changing the PIN code of the card;
* payments to various service providers where a bank card is used as a means of payment;
* payments to various service providers in cash;
* replenishment of the bank card account in cash;
* transfer of funds from card to card;
* currency exchange operations;
* information services (provision of background information and advertising);
* administrative operations for service engineers and cash collectors that are performed to manage ATM devices and the ATM operating day (cassette management, opening/closing of the day, change of cryptographic keys);
* other operations depending on the features of the functions provided by local card products.
It should be noted that the list of services provided depends both on the software of ATMs and the hardware configuration of these devices, and on the operations supported by processing centers to which these ATMs are connected. For example, in order to provide the function of receiving cash, the ATM must be equipped with a specialized module for receiving bills (CashIn module), appropriate software must be installed on the ATM, the processing center must support the function of receiving cash.

The services that an information and transaction terminal can provide to customers are identical to the list of services provided by an ATM, with the exception of cash withdrawal services.
In addition, it should be noted that ATMs and information and transaction terminals can function according to two basic schemes.
The first scheme is when the ATM is under the control of a processing center. With this interaction scheme, the main logic of performing operations is determined by the processing center, the ATM executes scripts that are loaded from the processing center as parameters. This scheme is implemented by such ATM interaction protocols with processing centers as NDC, DDC, SSD.
The second scheme is when the entire logic of performing operations is determined by the ATM software. With this scheme, the interaction of the ATM with the processing center is carried out on operations that require authorization of the processing center. This scheme is implemented, for example, by the ISO8583 interaction protocol.
Leading manufacturers of ATMs and information and transaction terminals

Wincor Nixdorf is one of the world’s leading suppliers of self-service systems (ATMs and information and transaction terminals), as well as monitoring and control systems for self-service devices.

Diebold company specializes in the supply of banking equipment (ATMs) and complex software solutions for banking equipment.

The cashier initializes a financial transaction from the cash register (KKM), as a result of which a request for this operation is sent to the server (in this case, PULSAR Server) using a specialized SA protocol. The server, in turn, generates and sends a message to the SC-5000 PIN keyboard. KKM resources are used as a transport medium (a control channel is organized). Special software in the PIN keyboard prepares data for authorization, following the algorithm of working with the EMV card. After completing the preparation of authorization data, they are transmitted in open or closed form to the server for subsequent transmission to the host. The server converts the data into the format required for the host system and implements the data exchange procedure with the host. The results of the data exchange are converted into the SA protocol and transmitted to the PIN keyboard. After analyzing the result of the exchange with the host, the PIN keyboard returns the result of the operation to the server, which, after receiving this information, sends the result of the operation to the CMC to print the receipt.

POS terminal device

The POS terminal includes the following physical devices, which can be located both in separate enclosures and in a single monoblock enclosure:
* magnetic and EMV card readers;
* communication channel for data exchange with the authorization center;
• for client authentication, a PIN pad for entering a PIN;
* receipt printer for transaction document and signature;
* interface (display with keyboard) with the cashier and (or) with the customer;
Depending on the physical separation of the cashier’s and customer’s seats, a separate PIN pad may be required to be installed at the customer’s place.
Here are the criteria for evaluating POS devices (according to the methods of the consulting company IHL Consulting Group):
1. The quality of user interfaces and architecture of the solution to achieve maximum throughput.
2. Flexible customization of user interfaces.
3. Prevention of data loss.
4. Support for a large range of communication channels with a sufficient degree of security.
5. Support of User loyalty systems.
6. Support learning mode on the device.
7. Interactive assistance system at all stages of work.

Services provided by POS terminals

The services provided by POS terminals (of course, in conjunction with the bank’s authorization center and payment systems) are quite extensive
• * conducting transactions for payment of goods and services by bank card;
* making a loan for the purchase of goods or services;
* managing the client’s account:
* viewing the balances of sub-accounts of his account;
* view transaction history (statement);
* transfer funds from your account to another;
* payment for communication services, utilities and other services;
* pin change;
* replenishment of offline wallets;
* support for loyalty systems:
* discount schemes;
* bonus schemes.
In addition to the services provided to the client, the POS terminal must provide the technological process of the authorization center:
• opening/closing of the day;
* opening/closing shifts;
* uploading the transaction log;
* reconciliation of results;
* change of keys, etc
. Leading manufacturers and suppliers of equipment

The prospects

The technology of servicing bank cards at terminals is constantly being improved in several directions.
with the development of computing power, the risk of hacking the security systems of payment systems increases, hence the constant work on strengthening their cryptographic protection;
• with the use of open networks (Wi-Fi, Ethernet, etc.) in POS terminals, new data protection requirements are introduced in such channels;
* the experience of disclosed frauds is constantly used to develop new protection strategies;
* with the development of biotechnology, new more secure customer authentication mechanisms will be introduced.
Service speed :
* with the installation of POS terminals in hypermarkets with large flows of customers, increasingly stringent requirements are being put forward for the time of transactions and an increase in throughput. These requirements primarily relate to communication channels with the authorization center and the hardware and software platform of terminals;
* contactless card technologies are being introduced.
Expanding the range of services :
* to attract customers to trade and service enterprises, various loyalty systems are being implemented on co-branded cards with payment systems. It is possible to predict the emergence of interbank processing companies with their own loyalty schemes.
* payments for communication services and utilities, money transfers are becoming an additional popular functionality of POS terminals.


The list of services that banks offer to their customers through ATMs and information and transaction terminals is constantly expanding.
The main directions of further development of services provided by self-service devices can be considered as the following:
* expansion of the nomenclature and recipients of payments made through self-service devices. As a result, cash flows will grow, the cost of operations will decrease, and bank revenues will increase due to commission receipts;
* integration of banking software installed on self-service devices with non-banking applications. For example, access to the services of information non-banking systems, including on a paid basis;
* support for new technologies introduced by international payment systems (for example, support for working with contactless microprocessor cards);
* implementation of monitoring systems, self-service device management, video surveillance systems.
Banks also see the task of increasing the efficiency of using the network of self-service devices as one of the main tasks at present
• * optimization of equipment by installation points (redistribution of equipment);
* increase the operating time of self-service devices (up to 24 hours a day);
* reduction of equipment downtime due to optimization of service policy and optimization of equipment collection procedures.