1

CONTENTS

Topics Page No.

1. INTRODUCTION 6

2. HISTORY OF AN ATM 8

3. ATM 11

4. NEED OF FACIAL RECOGNITION 19

5. WHERE IT IS USED 21

6. HOW FACIAL RECOGNITION WORKS 25

7. REPUTATION AMONG ATM OWNERS 36

8. CONCLUSION 41

9. BIBLIOGRAPHY 43

2
 1. Introduction

The rise of technology has brought into force many types of

equipment that aim at more customer satisfaction. ATM is one such machine which
made money transactions easy for customers to bank. The other side of this
improvement is the enhancement of the culprit's probability to get his 'unauthentic'
share. Traditionally, security is handled by requiring the combination of a physical
access card and a PIN or other password in order to access a customer's account.
This model invites fraudulent attempts through stolen cards, badly-chosen or
automatically assigned PINs, cards with little or no encryption schemes, employees
with access to non-encrypted customer account information and other points of
failure. Our paper proposes an automatic teller machine security model that would
combine a physical access card, a PIN, and electronic facial recognition. By forcing
the ATM to match a live image of a customer's face with an image stored in a bank
database that is associated with the account number, the damage to be caused by
stolen cards and PINs is effectively neutralized. Only when the PIN matches the
account and the live image and stored image match would a user be considered fully
verified. The main issues faced in developing such a model are keeping the time
elapsed in the verification process to a negligible amount, allowing for an
appropriate level of variation in a customer's face when compared to the database
image, and that credit cards which can be used at ATMs to withdraw funds are
generally issued by institutions that do not have in-person contact with the customer,
and hence no opportunity to acquire a photo. Because the system would only attempt
to match two (and later, a few) discrete images, searching through a large database
of possible matching candidates would be unnecessary. The process would
effectively become an exercise in pattern matching, which would not require a great
deal of time. With appropriate lighting and robust learning software, slight variations

3
could be accounted for in most cases. Further, a positive visual match would cause
the live image to be stored in the database so that future transactions would have a
broader base from which to compare if the original account image fails to provide a
match - thereby decreasing false negatives. When a match is made with the PIN but
not the images, the bank could limit transactions in a manner agreed upon by the
customer when the account was opened, and could store the image of the user for
later examination by bank officials. In regards to bank employees gaining access to
customer PIN for use in fraudulent transactions, this system would likewise reduce
that threat to exposure to the low limit imposed by the bank and agreed to by the
customer on visually unverifiable transactions. In the case of credit card use at
ATMs, such a verification system would not currently be feasible without creating
an overhaul for the entire credit card issuing industry, but it is possible that positive
results achieved by this system might motivate such an overhaul. The last
consideration is that consumers may be wary of the privacy concerns raised by
maintaining images of customers in a bank database, encrypted or otherwise, due to
possible hacking attempts or employee misuse. However, one could argue that
having the image compromised by a third party would have far less dire
consequences than the account information itself. Furthermore, since nearly all
ATMs videotape customers engaging in transactions, it is no broad leap to realize
that banks already build an archive of their customer images, even if they are not
necessarily grouped with account information.

4
 2. History of an ATM

The world's first ATM was produced by NCR in Dundee,

Scotland, and installed in Enfield Town in north London on June 27, 1967 by
Barclays Bank. This instance of the invention is credited to John Shepherd-Barron,
although George Simjian registered patents in New York, USA in the 1930s and
Don Wetzel and two other engineers from Docutel registered a patent on June 4,
1973. Shepherd-Barron was awarded an OBE in the 2005 New Year's Honours.
As is often the case with inventions, many inventors
contribute to the history of an invention. In the case of the ATM, Don Wetzel
invented the first successful and modern ATM in the USA, however he was not first
inventor to create an ATM. In 1939, Luther George Simjian started patenting an
earlier and not-so-successful version of an ATM.
Early cards were retained by the machine and worked on
various principles including radiation and low-coercivity magnetism that was wiped
by the card reader to make fraud more difficult.
Modern ATM banking was tested in NZ’s Christchurch
region before being rolled out elsewhere as a banking service.

5
Don Wetzel:
An automatic teller machine or ATM allows a bank customer to
conduct their banking transactions from almost every other ATM machine in the
world. Don Wetzel was the co-patentee and chief conceptualist of the automated
teller machine, an idea he said he thought of while waiting in line at a Dallas bank.
At the time (1968) Wetzel was the Vice President of Product Planning at Docutel,
the company that developed automated baggage-handling equipment. The other two
inventors listed on the patent were Tom Barnes, the chief mechanical engineer and
George Chastain, the electrical engineer. It took five million dollars to develop the
ATM. The concept of the modern ATM first began in 1968, a working prototype
came about in 1969 and Docutel was issued a patent in 1973. The first working
ATM was installed in a New York based Chemical Bank. (Editor’s note: There are
different claims to which bank had the first ATM, I have used Don Wetzel's
reference.)
“No, it wasn't in a lobby, it was actually in the wall of the
bank, out on the street. They put a canopy over it to protect it from the rain and the
weather of all sorts. Unfortunately they put the canopy too high and the rain came
under it. (Laughing) One time we had water in the machine and we had to do some
extensive repairs. It was a walkup on the outside of the bank. That was the first one.
And it was a cash dispenser only, not a full ATM... We had a cash dispenser, and
then the next version was going to be the total teller (created in 1971), which is the
ATM we all know today -- takes deposits, transfers money from checking to
savings, savings to checking, cash advances to your credit card, takes payments;
things like that. So they didn't want just a cash dispenser alone." - Don Wetzel on the
first ATM installed at the Rockville Center, New York Chemical Bank from a
NMAH interview.

6
 The first ATMs were off-line machines, meaning money was not automatically
withdrawn from an account. The bank accounts were not (at that time) connected by
a computer network to the ATM. Therefore, banks were at first very exclusive about
who they gave ATM privileges to. Giving them only to credit card holders (credit
cards were used before ATM cards) with good banking records. Wetzel, Barnes and
Chastain developed the first real ATM cards, cards with a magnetic strip and a
personal ID number to get cash. ATM cards had to be different from credit cards
(then without magnetic strips) so account information could be
included.
The ATM is now 30 years old.

7
 3. ATM

ATM Machine
(Automatic Teller Machine) A banking terminal that accepts
deposits and dispenses cash. ATMs are activated by inserting a cash or credit card
that contains the user's account number and PIN on a magnetic stripe. The ATM
calls up the bank's computers to verify the balance, dispenses the cash and then
transmits a completed transaction notice. The word "machine" in the term "ATM
machine" is certainly redundant, but widely used.
An automated teller machine (ATM) is a data terminal with
two input and four output devices. Similar to many other data terminals, the ATM
must connect and communicate through a host network. The host network may be
compared to an Internet Service Provider in that it is the gateway through which all
the various ATM networks become available to the cardholder.

The two input devices in an ATM are:

1. A card reader that captures information stored on the magnetic strip on the back of
the ATM debit or credit card.
2. A keypad that allows the card holder to inform the bank of the required
transaction (cash withdrawal, transfer of funds, balance inquiry, etc.) and the
required amount.

8
 The four output methods in an ATM are:

1. A speaker that provides the cardholder with audio feedback when a key is pressed.
2. A display screen that prompts the cardholder through each step of the transaction
process.
3. A printer that provides the cardholder with a receipt.
4. A safe and cash dispensing mechanism.

The cash dispensing mechanism contains an electric eye that

counts each bill as it exits and provides a recorded log for transaction accuracy. To
ensure that more than one bill is not dispensed, this mechanism also contains a
sensor that measures the thickness of each bill. If two bills are stuck together or are
excessively worn or torn, they are diverted into a reject bin for later retrieval at the
time of machine maintenance.

9
10
3.1 Networking
Most ATMs are connected to inter bank network enabling
people to withdraw and deposit money from machines not belonging to the bank
where they have their account. This is a convenience, especially for people who are
travelling: it is possible to make withdrawals in places where one's bank has no
branches, and even to withdraw local currency in a foreign country, often at a better
exchange rate than would be available by changing cash.
ATMs rely on Authorization of a Transaction by the card
issuer or other authorizing institution via the communications network.

3.2 ATM charges

Many banks in the United States charge fees for the use of
their ATMs. In some cases, these fees are assessed solely for non-bank members, in
other cases they apply to all users. Many oppose these fees because ATMs are
actually less costly for banks than withdrawals from human tellers.
When the ATM surcharges emerged in the 1990s, they
usually were on the order of $ 0.25. Quickly, however, they climbed. ATM fees now
commonly reach $1.50, and can be as high as $5.00, especially around bars and
casinos. In cases where fees are paid both to the bank and the ATM owner
withdrawal fees could potentially reach $10.
ATMs are placed not only near banks, but also in locations
such as malls, grocery stores, and restaurants. Sometimes, ATMs are advertised for
their fees. In many states, one can circumvent ATM fees by using debit cards at
retail stores. Many stores allow a debit-card user to receive "cash back" with an
order; that is, one could make a $63 debit on a $13 order and receive $50 in change.
In the United Kingdom, public reaction to proposed increases
in fees was so strong that fees were removed altogether for using ATMs at banks,

11
regardless of whether the user is a customer of that bank. Machines in garages,
nightclubs and other venues do charge, however.

3.3 Hardware and software

ATMs contain secure cryptoprocessors, generally within an

IBM PC compatible host computer in a secure enclosure. The security of the
machine relies mostly on the integrity of the secure cryptoprocessor: the host
software often runs on a commodity operating system.
ATMs typically connect directly to their ATM Transaction
Processor via either a dial-up modem over a telephone line or directly via a leased
line. The latter is preferable as the time required to establish the connection is much
less. Such connections are rather expensive, though, meaning less-trafficked
machines will usually rely on a dial-up modem. That dilemma may be solved as
more ATMs use dedicated high-speed Internet connections, which are much cheaper
than leased lines. Encryption is used to prevent theft of personal or financial
information.
In addition, ATMs are moving away from custom circuit
boards (most of which are based on Intel 8086 architecture) and into full-fledged
with commodity operating systems such as Windows 2000 and Linux . An
example of this is Banrisul , the largest bank in the South of Brazil , which has
replaced the MS-DOS operating systems in its automatic teller machines with Linux.
Other platforms include RMX 86, OS/2 and Windows 98 bundled with Java . The
newest ATMs with Microsoft technology use Windows XP d or Windows XP
embedded.

12
3.4 Reliability
ATMs are generally reliable, but if they do go wrong
customers will be left without cash until the following morning or whenever they
can get to the bank during opening hours. Of course, not all errors are to the
detriment of customers; there have been cases of machines giving out money
without debiting the account, or giving out higher value notes as a result of incorrect
denomination of banknote being loaded in the money cassettes. Errors that can
occur may be mechanical (such as card transport mechanisms; keypads; hard disk
failures); software (such as operating system; device driver ; application);
communications ; or purely down to operator error.

3.5 Security
Early ATM security focused on making the ATMs
invulnerable to physical attack; they were effectively safes with dispenser
mechanisms. A number of attacks on ATMs resulted, with thieves attempting to
steal entire ATMs by ram-raiding.
Modern ATM physical security, like other modern money-
handling security, concentrates on denying the use of the money inside the machine
to a thief, by means of techniques such as dye markers and smoke canisters. This
change in emphasis has meant that ATMs are now frequently found free-standing in
places like shops, rather than mounted into walls.
Another trend in ATM security leverages the existing
security of a retail establishment. In this scenario, the fortified cash dispenser is
replaced with nothing more than a paper-tape printer. The customer requests a
withdrawal from the machine, which dispenses no money, but merely prints a
receipt. The customer then takes this receipt to a nearby sales clerk, who then
exchanges it for cash from the till.

13
 ATM transactions are usually encrypted with DES (Data
Encryption Standard) but most transaction processors will require the use of the
more secure Triple DES by 2005.
There are also many “phantom withdrawals "from ATMs,
which banks often claim are the result of fraud by customers. Many experts ascribe
phantom withdrawals to the criminal activity of dishonest insiders. Ross Anderson,
a leading cryptography researcher, has been involved in investigating many cases of
phantom withdrawals, and has been responsible for exposing several errors in bank
security.
There have also been a number of incidents of fraud where
criminals have used fake machines or have attached fake keypads or card readers to
existing machines. These have then been used to record customers' PINs and bank
account details in order to gain unauthorized access to their accounts.
A bank is always liable when a customer's money is stolen
from an ATM, but there have been complaints that banks have made it difficult to
recover money lost in this way. In some cases, bank fraud occurs at ATMs whereby
the bank accidentally stocks the ATM with bills in the wrong denomination,
therefore giving the customer more money than should be dispensed. Individuals
who unknowingly use such ATMs are probably never tried, but those who withdraw
a second time are usually prosecuted.

In countries with high levels of violent crime like the

United States, multiple security cameras are a ubiquitous ATM feature.

14
3.6 ATM fraud
In the early 2000s, ATM-specific crimes became common.
These had two common forms. In the low-tech form, the user's PIN is observed by
someone watching as they use the machine; they are then mugged for their card by a
second person, who has taken care to stay out of range of the ATM's surveillance
cameras. However, this offers little advantage compared to simply mugging the
victim for their money, and carries the same risks to the offender as other violent
crimes. By contrast, the most common high-tech modus operandi involves the
installation of a magnetic card reader over the real ATM's card slot, and the use of a
wireless surveillance camera to observe the user's PIN. Although the latter fraud
would have seemed like something from a spy novel until recently, the availability
of low-cost commodity wireless cameras and card readers has made it a relatively
simple form of fraud, with comparatively low risk to the fraudsters.
As of 2005, banks are working hard to develop
countermeasures for this latter kind of fraud, in particular by the use of smart cards
which cannot easily be read by un-authenticated devices, and by attempting to make
the outside of their ATMs tamper evident.

15
 4. Need of Facial Recognition at ATM

ATM is one such machine which made money transactions

easy for customers to bank. The other side of this improvement is the enhancement
of the culprit's probability to get his 'unauthentic' share. Traditionally, security is
handled by requiring the combination of a physical access card and a PIN or other
password in order to access a customer's account. The Facial Recognition scheme at
ATM invites fraudulent attempts through stolen cards, badly-chosen or
automatically assigned PIN, cards with little or no encryption schemes, employees
with access to non-encrypted customer account information and other points of
failure.
This technology like this proposes an automatic teller machine
security model that would combine a physical access card, a PIN, and electronic
facial recognition. By forcing the ATM to match a live image of a customer's face
with an image stored in a bank database that is associated with the account number,
the damage to be caused by stolen cards and PIN is effectively neutralized. Only
when the PIN matches the account and the live image and stored image match would
a user be considered fully verified.
Further, a positive visual match would cause the live image to
be stored in the database so that future transactions would have a broader base from
which to compare if the original account image fails to provide a match - thereby
decreasing false negatives. When a match is made with the PIN but not the images,
the bank could limit transactions or even there would be no transaction at all in a
manner agreed upon by the customer when the account was opened, and could store
the image of the user for later examination by bank officials.

16
 In regards to bank employees gaining access to customer PIN
for use in fraudulent transactions, this system would likewise reduce that threat to
exposure to the low limit imposed by the bank and agreed to by the customer on
visually unverifiable transactions.
Using the facial recognition technology, system can search
through facial images in the database for duplicates at the time of access.
Potential applications include ATM and check-cashing security. The software is able
to quickly verify a customer's face. After the user consents, the ATM or check-
cashing kiosk captures a digital Photo of the customer. The software then generates a
face print of the photograph to protect customers against identity theft and fraudulent
transactions. By using facial recognition software, there's no need for a picture ID,
bank card or even personal identification number (PIN) to verify a Customer’s
identity can be skipped.

17
 5. Where Facial Recognition Technology is Used

The primary users of facial recognition software like FaceIt

have been law enforcement agencies, which use the system to capture random faces
in crowds. These faces are compared to a database of criminal mug shots. In addition
to law enforcement and security surveillance, facial recognition software has several
other uses, including:
• Eliminating voter fraud
• Check-cashing identity verification
• Computer security

One of the most innovative uses of facial recognition is being

employed by the Mexican government, which is using the technology to weed out
duplicate voter registrations. To sway an election, people will register several times
under different names so they can vote more than once. Conventional methods have
not been very successful at catching these people.
Using the facial recognition technology, officials can search through
facial images in the voter database for duplicates at the time of registration. New
images are compared to the records already on file to catch those who attempt to
register under aliases. The technology was used in the country's 2000 presidential
election and is expected to be used in local elections soon.
Potential applications even include ATM and check-cashing security.
The software is able to quickly verify a customer's face. After the user consents, the
ATM or check-cashing kiosk captures a digital photo of the customer. The FaceIt
software then generates a face print of the photograph to protect customers against
identity theft and fraudulent transactions. By using facial recognition software,
there's no need for a picture ID, bank card or personal identification number (PIN) to

18
verify a customer's identity. Many people who don't use banks use check cashing
machines. Facial recognition could eliminate possible criminal activity.
This biometric technology could also be used to secure your files. By
mounting a Webcam to your computer and installing the facial recognition software,
your face can become the password you use to get into your computer. IBM has
incorporated the technology into A, T and X series ThinkPad.

19
 Facial recognition software can be used to
Lock your computer.

While facial recognition can be used to protect your

private information, it can just as easily be used to invade your privacy by taking

20
you picture when you are entirely unaware of the camera. As with many developing
technologies, the incredible potential of facial recognition comes with drawbacks.

Facial recognition software can be used to find criminals in a crowd,

turning a mass of people into a big lineup.

The $30,000 system was loaned to the Tampa Police

Department for one year. So far, no arrests have been made using the technology.
However, the 36 cameras positioned in different areas of downtown Tampa have
allowed police to keep a more watchful eye on general activities. This increased
surveillance of city residents and tourists has riled privacy rights groups.
People have an amazing ability to recognize and remember
thousands of faces. In the same way computers are turning your face into computer
code so it can be compared to thousands, if not millions, of other faces.
Facial Recognition mechanism is also used to pinpoint the face in
the crowd and measure its features.

21
Facial recognition software is designed to
Pinpoint a face and measure its features

22
 6. How Facial Recognition Systems Works

6.1 FACIAL RECOGNITION

6.1.1 Basics:
Facial recognition analyzes the characteristics of a person's
face images input through a digital video camera. It measures the overall facial
structure, including distances between eyes, nose, mouth, and jaw edges. These
measurements are retained in a database and used as a comparison when a user
stands before the camera. This biometric has been widely, and perhaps wildly,
touted as a fantastic system for recognizing potential threats (whether terrorist, scam
artist, or known criminal) but so far has been unproven in high-level usage. It is
currently used in verification only systems with a good deal of success.
Face identification can be an important alternative for
selecting and developing optimal biometrical system. Its advantage is that it does not
require physical contact with image capture device (camera). Face identification
system does not require any advanced hardware; it can be used with existing image
capture devices (web cams, security cameras etc.).
Face is not so unique as fingerprints and eye iris, so its
recognition reliability is slightly lower. However, it is still suitable for many
applications, taking into account its convenience for user. It can also be used
together with fingerprint identification or another biometrical method for developing
more security critical applications.
Multi-biometrical approach is especially important for
identification (1: N) systems. Identification systems are very convenient to use
because they do not require any additional security information (smart cards,

23
passwords etc.). On the other hand, 1: N-matching routine usually accumulates False
Acceptance probability, which may become unacceptable big for applications with
large databases. Using face identification as additional biometrics can dramatically
decrease this effect.
Multi-biometrical approach also usually helps in situations
where certain biometric feature is not optimal for special customers groups. For
example, hard workers may have raw fingerprints, which may increase false
rejection rate if fingerprint identification was used alone. Thus, face identification
should be considered as a serious alternative in biometrical or multi-biometrical
systems developing.
The example below shows the main steps in using facial
recognition to identify an individual in a controlled environment:

Identification Steps:

• Take a photo of the individual and encode it.

• Match the encoding against database and display possible matches.
• Select any matching image (in this case the closest match displayed at
top left) and display the full record.

While different developers have used different approaches to

developing facial recognition technology, the principle is the same as for other
biometrics, i.e. the patterns within the object are identified and transformed
mathematically into a code. In the case of a face, features such as the eyes and tip of
the nose are used as anchor points, and the relative location of numerous other facial
characteristics to them is determined. This information is then transformed into a
digital string.

24
 This string can then be matched against pre-coded images in
a database to determine if there's a match. As the shot can be taken with a standard
camera from a reasonable distance, facial recognition is the only biometric that does
not require the cooperation or even knowledge of the individual for the process to
work. However the implication of this is that the image is subject to external factors,
particularly lighting and facial angles.

6.1.2 The Face

Your face is an important part of who you are and how
people identify you. Imagine how hard it would be to recognize an individual if all
faces looked the same. Except in the case of identical twins, the face is arguably a
person's most unique physical characteristic. While humans have had the innate
ability to recognize and distinguish different faces for millions of years, computers
are just now catching up.
Visionics, a company based in New Jersey, is one of many
developers of facial recognition technology. The twist to its particular software,
FaceIt, is that it can pick someone's face out of a crowd, extract that face from the
rest of the scene and compare it to a database full of stored images. In order for this
software to work, it has to know what a basic face looks like. Facial recognition
software is based on the ability to first recognize faces, which are a technological
feat in itself, and then measure the various features of each face.
If you look in the mirror, you can see that your face has
certain distinguishable landmarks. These are the peaks and valleys that make up the
different facial features. Visionics defines these landmarks as nodal points. There
are about 80 nodal points on a human face. Here are a few of the nodal points that
are measured by the software:

25
 • Distance between eyes
• Width of nose
• Depth of eye sockets
• Cheekbones
• Jaw line
• Chin

These nodal points are measured to create a numerical code, a

string of numbers that represents the face in a database. This code is called a face
print. Only 14 to 22 nodal points are needed for the FaceIt software to complete the
recognition process. In the next section, we'll look at how the system goes about
detecting, capturing and storing faces.

6.1.3 Behold ... Biometrics

Now, ATMs and cash dispensers using biometrics are slowly

but steadily being deployed throughout the country and could be coming soon --
within two to four years -- to a bank, credit union, mall, convenience store or casino
near you.
Biometrics can be used in various ways to identify you:
behavioral (which includes voice and signature) or physiological (hand, iris, face,
and fingerprint). Retina-scanning laser technology is also available, but so far the
reaction from most companies has been, "No way." Consumers apparently aren't
ready for their banker to shoot them in the eye with a laser beam. So far, no ATMs
ask for a drop of blood so it can extract DNA for identification.

26
 The idea isn't necessarily to do away with cards so much as to
raise the level of security. Use something for identification that can't be lost, stolen
or forgotten and maybe there will be less fraud. The push to put biometric ATMs
and cash transaction kiosks within your reach is small, but gaining momentum.
Mark Radke of Diebold, one of the biggest ATM
manufacturers in the United States, says the emergence of biometrics has been slow
in part because of the technology and partly due to slow overall acceptance by the
public. But that's changing, he says, to the point where credit unions, which have
been more aggressive than banks about using biometrics, see the new technology as
a customer draw.
Janet Harris, CEO of Riverside Health System Employees
Credit Union in Newport News, Va., agrees. Her credit union has had biometric
"kiosks" since July 1998.They use a fingerprint scan for identification – something
some industry surveys have shown customers may equate with identifying criminals.
"The fingerprint has never been perceived here as criminal,"
says Harris. "In reality, we're not keeping the fingerprint anyway. The scan is
reading the ridges of your finger and converting them into a numeric algorithm.
Newport News is a very heavy military security area -- they're all used to a lot of
security. Plus this tends to be a younger group of people and they're OK with
technology."
The first time a customer uses the kiosk, they're asked for
their account number and their fingerprint. The customer then shows picture ID to an
employee who completes the registration process. After that, the customer can lose
the old ATM card and forget the PIN or hold on to it if they want, because most
biometric machines also accept cards.

27
 If, one day, a customer steps up to the kiosk and it doesn't
accept her fingerprint, a friendly sign appears stating, "I'm sorry, you don't appear to
be yourself today." The kiosk, which the credit union calls "Money Buddy," then
offers advice for a better fingerprint scan, such as rubbing your thumb on your face
to get a little oil on it if you just washed your hands and they're too dry.
Harris says more than 1,000 of the credit union's 3200
customers have registered their fingerprints. The kiosks do a lot more than spit out
money. Customers can print a check payable to anyone, print statements, transfer
funds, apply for loans and even send the bank e-mails.
If you're the gambling type, there's a good chance you'll be
using a biometric machine if you need some quick cash.

6.2 How Facial Recognition System works

User faces the camera, standing about two feet from it. The
system will locate the user's face and perform matches against the claimed identity
or the facial database. It is possible that the user may need to move and reattempt the
verification based on his facial position. The system usually comes to a decision in
less than 5 seconds. To prevent a fake face or mold from faking out the system,
many systems now require the user to smile, blink, or otherwise move in a way that
is human before verifying.

28
The example below shows the main steps in using facial recognition to identify an
individual in a controlled environment:

Identification Steps:

• Take a photo of the individual and encode it.

• Match the encoding against database and display possible matches.
• Select any matching image (in this case the closest match displayed at
top left) and display the full record.

29
 While different developers have used different approaches to
developing facial recognition technology, the principle is the same as for other
biometrics, i.e. the patterns within the object are identified and transformed
mathematically into a code. In the case of a face, features such as the eyes and tip of
the nose are used as anchor points, and the relative location of numerous other facial
characteristics to them is determined. This information is then transformed into a
digital string. This string can then be matched against pre-coded images in a
database to determine if there's a match. As the shot can be taken with a standard
camera from a reasonable distance, facial recognition is the only biometric that does
not require the cooperation or even knowledge of the individual for the process to
work. However the implication of this is that the image is subject to external factors,
particularly lighting and facial angles.

30
6.3 VeriLook - Face Identification Technology

Currently there are many methods of biometric identification:

fingerprint, eye iris, retina, voice, face etc. Each of these methods has certain
advantages and disadvantages, which must be considered in biometrical system
developing: system reliability, price, flexibility, necessity of physical contact with
scanning device and many others. Selecting the certain biometrical identification

31
method or using the multi-biometrical system can help to support these, often
discrepant, requirements.
Face identification can be an important alternative for
selecting and developing optimal biometrical system. Its advantage is that it does not
require physical contact with image capture device (camera). Face identification
system does not require any advanced hardware, it can be used with existing image
capture devices (web cams, security cameras etc.).
Face is not so unique as fingerprints and eye iris, so its
recognition reliability is slightly lower. However, it is still suitable for many
applications, taking into account its convenience for user. It can also be used
together with fingerprint identification or another biometrical method for developing
more security critical applications.
Multi-biometrical approach is especially important for
identification (1:N) systems. Identification systems are very convenient to use
because they do not require any additional security information (smart cards,
passwords etc.). On the other hand, 1:N-matching routine usually accumulates False
Acceptance probability, which may become unacceptable big for applications with
large databases. Using face identification as additional biometrics can dramatically
decrease this effect. Multi-biometrical approach also usually helps in situations
where certain biometric feature is not optimal for special customers groups. For
example, hard workers may have raw fingerprints, which may increase false
rejection rate if fingerprint identification was used alone.
Thus, face identification should be considered as a serious
alternative in biometrical or multi-biometrical systems developing.

6.4 Algorithm

32
 VeriLook 2.0 face recognition algorithm implements
advanced face localization, enrollment and matching using robust digital image
processing algorithms:

• Fast and accurate face localization for reliable detection of

multiple faces in still images as well as in live video streams .

• Simultaneous multiple face processing and identification in single

frame. All faces on the current frame are detected in less than 0.1
seconds and then each face is processed in less than 0.2 seconds .

• VeriLook 2.0 face template matching algorithm compares up to

65,000 faces per second.

• Applications implemented using VeriLook SDK can handle large

face databases, as one face features template is only 2.9 Kbytes.

• Features' generalization Mode generates the collection of the

generalized face features from several images of the same subject.
Then, each face image is processed, features are extracted, and the
collections of features are analyzed and combined into a single
generalized features collection, which is written to the database.
This way, the enrolled feature template is more reliable and the
face recognition quality increases considerably.

33
 7. Competition Among ATM Owners

Competition among ATM owners occurs at two levels. For

banks, ATMs are one of the means by which institutions compete for customers.
Among other things, banks may compete on the basis of the size and diversity of
their proprietary network, the level of their foreign fees, and their surcharges.
Therefore, ATM surcharges should be viewed as one facet of banks' competition for

34
customers in general. For nonbanks that own ATMs, the competition focuses more
on placing ATMs in locations that capture ATM users who are willing to pay for the
service. But all ATM owners--banks and others--have to compete for transactions,
because if no one uses the machine, the investment will lose money.

The development of the ATM market cannot be viewed

separately from changes that are occurring in the financial services industry
generally. Most important, the industry is rapidly consolidating. Banks, thrifts, and
other financial services firms are merging, which reduces the number of firms even
as they increase their capacity to provide services to cardholders and other
depositors.

7.1 Competition Among Banks

All other things being equal, a bank with more ATMs is more
valuable to customers than a bank with fewer machines, especially now that
surcharges have become more widespread. Consequently, ATMs and ATM fees
form part of a bank's strategy to attract customers and additionally security is also
the main factor by which the machine usage can be increased. And, therefore, the
additional things which are implemented at the ATM’s increase the security. For
example, most banks will not impose surcharges on their own customers for fear of
driving them away and most ATM’s abroad use additional Facial Recognition
System to give additional security to there customers. However, large banks with
large numbers of proprietary ATMs typically find it to their strategic advantage to
impose high surcharges for foreign transactions. By contrast, in response to the
spread of surcharges, an increasing number of smaller and medium-sized banks--
banks that presumably have fewer ATMs to offer their customers--have had to drop
the foreign fees they were charging their cardholders who used other banks' ATMs,

35
presumably in response to cardholders' complaints at being double-charged. In 1996,
only 20 percent of banks did not have foreign fees. By 1997, 33 percent of banks
charged no foreign fees on cash withdrawals.
What effect do ATM surcharges have on the ability of banks
to attract and retain deposits? One way to answer that question is to compare the
experience of banking institutions in the eight states that passed laws either
prohibiting network surcharge bans or explicitly permitting ATM surcharging by
1995 with the experience of banks in the rest of the United States. If ATM
surcharging induced people to move their accounts to banks that owned large
numbers of ATMs, one would expect to see a greater increase in the concentration of
deposits in banks in those states allowing surcharging than in the rest of the United
States during the same time frame. And a greater-than-average increase in
concentration has, indeed, resulted. However, the states allowing surcharging started
from a lower level of bank deposit concentration than did the nation as a whole.
Consequently, the data are not conclusive with respect to the
change that has occurred.

36
 ATMs IN OPERATION, 1973-1997

Even before the nationwide spread of ATM surcharges, big banks were growing at
the expense of small banks. In 1991, commercial banks with $1 billion or more in
assets held 67 percent of all deposits: in 1995, they held 72 percent, and in 1997,
their share was 76 percent. The smallest commercial banks, those with assets of
$100 million or less, experienced shrinkage in their share of deposits nationally,
which went from 12 percent in 1991 to 9 percent in 1995 and 7 percent in 1997.
Moreover, the Riegle-Neal Interstate Banking and Branching Efficiency Act took
effect in the last quarter of 1995. The act expanded the ability of banks and bank
holding companies to operate across state boundaries and may have contributed to
the climbing rate of concentration in the industry.

Thus, it is difficult to disentangle the effects of ATM fees

from the preexisting trend of industry consolidation.

7.2 Competition Among All ATM Owners

ATM owners generally have to balance several factors in

their calculations regarding both the number of ATMs in which to invest and the
charges they need to impose. As more ATMs are deployed, especially by new

37
entrants to the market, competition may force fees to drop. Nevertheless, some ATM
deployers may be able to continue to charge high fees in certain market segments.
(Market segments may be based on location, such as airports or recreation areas, or
on cardholders' willingness to pay.)

The increasing number of ATMs and the decreasing number

of transactions per machine suggest that high ATM surcharges may not be
sustainable. If simple supply and demand were at work in the ATM market, the entry
of nonbank deployers in particular should undermine high and increasing
surcharges. But a large part of the market response to ATM surcharges is exhibited
in changes in frequency and patterns of use, not in changes in price. Cardholders
typically arrange their affairs so that most of the time; they do not pay surcharges at
all. Thus, firms that surcharge see a drop-off in the number of their foreign
transactions--but usually not by enough to make them lift the surcharge. Nonbanks
have every incentive to surcharge because all of their transactions are foreign
transactions and surcharging is the primary way that they make money from their
investment. To ensure their profits, nonbanks may focus on placing ATMs in
locations where people may be more willing to pay surcharges for the sake of
convenience or because they have fewer alternatives for getting cash.

In sum, widespread surcharging is a recent phenomenon,

and the market is still adjusting. Cardholders may discover that competitive
pressures are operating on surcharges and foreign fees as the market matures over
the next few years. Another possibility is that surcharges may remain in place even
as average total cardholder fees--the total of foreign fees plus surcharges--drop. The
potential for that outcome derives from the segmentation in the market and the fact

38
that foreign fees and surcharges are set independently by two different market
participants.

8. Conclusion

Shared regional ATM networks do not appear to wield

worrisome market power. Although the regional networks have been consolidating,
they still face competition from both the ever-larger proprietary networks and the
national networks operated by the credit card associations.

39
 The current flux in the ATM market is the result not
only of the advent of ATM surcharging but of shifts in other charges associated with
ATMs and in usage patterns. For example, foreign fees are dropping in some cases,
and the average number of transactions per ATM has started to decline. In such
unsettled circumstances, the effects of any legislation or regulatory change may be
difficult to determine in advance and could produce unintended effects.
Moreover, ATM’s with extra security like Facial Recognition
System are increasing widely. This system invites fraudulent attempts through stolen
cards, badly-chosen or automatically assigned PIN, cards with little or no encryption
schemes, employees with access to non-encrypted customer account information and
other points of failure. The main issues faced in developing such a model are
keeping the time elapsed in the verification process to a negligible amount, allowing
for an appropriate level of variation in a customer's face when compared to the
database image, and that credit cards which can be used at ATMs to withdraw funds
are generally issued by institutions that do not have in-person contact with the
customer, and hence no opportunity to acquire a photo.
The question which arises here is that suppose if anybody
who is not in an condition to go to the ATM machine and not in a position to access
his account and suppose he is asking someone else whom he trust to withdraw
money or something else, likewise, cannot access his account. Although, he has got
the card and the PIN but the only thing is the face which is not recognized .The
remedy to this issue is:
When a match is made with the PIN but not the images, the bank could
limit transactions in a manner agreed upon by the customer when the account was
opened, and could store the image of the user for later examination by bank officials.
In regards to bank employees gaining access to customer PIN for use in fraudulent
transactions, this system would likewise reduce that threat to exposure to the low

40
limit imposed by the bank and agreed to by the customer on visually unverifiable
transactions.

9. Bibliography

REFERENCES

41
• Daugman J (2003) "Demodulation by complex-valued wavelets for
stochastic pattern recognition." Int'l Journal of Wavelets, Multi-resolution
and Information Processing, vol. 1, no. 1, pp 1-17.

• S.Fisher (2003) "The importance of being random: Statistical principles

of Facial recognition." Pattern Recognition, vol. 36, no. 2, pp 279-291.

• Daugman J (2002) "Gabor wavelets and statistical pattern recognition."

The Handbook of Brain Theory and Neural Networks, 2nd ed., MIT Press
(M. Arbib, editor), pp 457-463.

• Christopher E.Carrl (2001) "Statistical richness of visual phase

information." Int'l Journal of Computer Vision, 45(1), pp 25-38.

• Daugman J and Downing C (2001) "Epigenetic randomness, complexity,

and singularity of human facial patterns." Proceedings of the Royal
Society, B, 268, Biological Sciences, pp 1737 - 1740.

42
• Steven J (2001) "Brain metaphor and brain theory." Chapter 2 in
Philosophy and the Neurosciences, edited by W. Bechtel et al. Oxford:
Blackwell Publishers.

• Schwartz (2000) "Biometric decision landscapes." Technical Report No.

TR482, University of Cambridge Computer Laboratory.

• Daugman J (1998) "Phenotypic versus genotypic approaches to face

recognition." In: Face Recognition: From Theory to Applications.
Heidelberg: Springer-Verlag, pp 108 - 123.

• http:///www.atmmachine.com/atmmachine.html
• www.bls.gov/oco/ocos186.html
• www.diebold.com/solutions/atms/default.htm
• www.encyclopedia.com/html/a1/autotel.asp
• www.legis.state.wi.us/lrb/pubs/ttp-10-2000.html
• www.answers.com/topic/automatic-teller-machine
• www.infoplease.com/ce6/sci/AO805407.html

43