An investigation of the level of security on automated teller machines (ATM) in Zambia based on payment card industry data security standard (PCI DSS).

Kasanda, Ella Nsonta
The University of Zambia
Automated Teller Machines (ATMs) have revolutionized banking in Zambia, as customers are able to conduct several banking activities without physical interaction with bank staff. They have, however, brought with them challenges of cyber-crime. Banks in Zambia have suffered financial losses through ATM fraud. Compliance with the Payment Card Industry Data Security Standard (PCI DSS) can mitigate ATM cyber-crimes in Zambia. The objectives of this research are to investigate the challenges and the level of security on ATMs in Zambia based on the PCI DSS standard, to investigate the effect of the EMV chip and PIN card on ATM crime, and finally to propose a framework to address the challenges of ATM fraud in Zambia. To address the first objective, a baseline study was carried out using the twelve requirements of the PCI DSS framework. Purposive sampling was used to select Information Technology staff in charge of ATM security from eight commercial banks in Zambia and employees from two ATM vendor companies as the target population of the research. Statistical information from the Bank of Zambia on the ATM frauds faced before and after the introduction of the EMV chip and PIN card was used to address the second objective. Based on the results from the first and second objectives, a framework was proposed to help reduce ATM fraud in Zambia. The baseline study established that all eight participating banks are non-compliant with the PCI DSS framework. The levels of compliance range from 50% to 83%. This compromises ATM security, as a cyber-criminal needs only one non-compliance to compromise cardholder data. The statistics from the Bank of Zambia show that ATM fraud has continued to rise even after the introduction of the chip and PIN card. A 6-layered framework has been proposed to help banks enhance ATM security and to ensure the country is cyber-ready for emerging ATM crimes like jackpotting. The PCI DSS is part of the security measures in the proposed framework.
Thesis of Master of Engineering degree in ICT Security.