ATM application using Mykad (APMY)

NABILA BINTI SHARUDIN

A thesis submitted in partial fulfillment of the requirement for the award of the

degree of Bachelor of Computer Science (Software Engineering)

Faculty of Computer Systems & Software Engineering

Universiti Malaysia Pahang

ABSTRACT

This report is basically about ATM Application using MyKad. ATM Application

using MyKad (APMY) is a system that upgrades the user convenience in using

ATM. Besides that, in by replacing bankeard with MyKad, bankcard fraud can be

reduced as Mykad is more secured. The existing ATM (Automated-Teller Machine)

has weaknesses that should be overcomed. APMY is the best solution in order to

prevent fraud from happening most of the time. Account holder that owns a MyKad

is able to use this system. Compared to the old ATM system, APMY uses newly

developed technology which is the MyKad which is more reliable than bankcard.

MyKad, or Government Multipurpose Card, (GMPC) is the official compulsory

identity card of Malaysia. it i regarded as the world's first smart identity card. So

there is no burden in using MyKad because it must be carried around all the time.

This system can only be used by Malayan Banking Berhad(MAYBANK) account

holders and owns a MyKad. APMY is a standalone system which will be installed in

the computer to use it. The system implementation requires usage of smart card

reader such as EZIOOPU, MyKad and a computer. In developing this system, Rapid

Application Development (RAD) is chosen as the methodology. As a conclusion,

APMY is build to improvise the user convenience in ATM usage and reduce number

of cases of bankcard cloning.

ABSTRAK

Tesis mi adalah tentang ATM Aplikasi menggunakan MyKad. ATM Aplikasi

menggunakan MyKad (APMY) adalah sebuah sistem yang menambahbaikkan

kemudahan pengguna dalam menggunakan ATM. Selain itu, dengan menukar kad

bank dengan MyKad, penipuan dan pemalsuan kad bank dapat dikurangkan kerana

Mykad lebih selamat. ATM mempunyai kelemahan yang harus diatasi. APMY

adalah penyelesaian yang terbaik untuk mencegah terjadinya penipuan dari semasa

ke semasa. Pemegang Akaun yang mempunyai MyKad boleh menggunakan sistem

mi. Dibandingkan dengan sistem ATM lama, APMY menggunakan teknologi yang

baru dibangunkan

iaitu

MyKad yang lebih berteknologi tinggu daripada kad bank.

MyKad, adalah kad identiti rasmi wajib Malaysia. MyKad merupakan kad pintar

pertama di dunia. Jadi pengguna tidak dibebankan dalam menggunakan MyKad

kerana MyKad sememangnya harus dibawa oleh rakyat Malaysia di mana sahaja

mereka berada. Sistem mi hanya boleh digunakan oleh pemilik akaun bank di

Malayan Banking Berhad (Maybank) dan mempunyai MyKad. APMY adalah sistem

yang akan diintegrasikan di komputer untuk menggunakannya. Implementasi sistem

memerlukan penggunaan pembaca kad pintar seperti EZ100PU, MyKad dan

komputer. Dalam membangunkan sistem mi,

Rapid Application Development (RAD)

dipilih sebagai metodologi. Sebagai kesimpulan, APMY adalah untuk

menambahbaikkan penggunaan ATM oleh penggunanya dan mengurangkan jumlah

kes pengklonan kad bank.

TABLE OF CONTENT

CHAPTER

1

2

TITLE

PAGE

ABSTRACT

vi

ABSTRAK

vii

TABLE OF CONTENTS

viii

LIST OF TABLES

x

LIST OF FIGURES

xii

LIST OF APPENDICES

xv

INTRODUCTION

1

1.1 Introduction

1

1.2 Problem Statement

2

1.3 Objectives

3

1.4 Scope

3

LITERATURE REVIEW

4

2.1 Introduction

4

2.2 Existing System

2.2.1 Magnetic Stripe Card

7

2.3 Weaknesses Of ATM

8

2.4 Solutions

11

2.4.1 Smart Card Technology

12

2.4.2 Types Of Smart Card

13

2.4.3 Identification Card(Mykad)

13

2.4.4 Smart Card Reader

16

2.4.4.1 EzlOOpu Smart Card Reader

16

2.5 Methodology

17

2.6 Language

20

3

4

2.7 Database

₂₀

2.7.1 Microsoft SQL Server

₂₁

METHODOLOGY

₂₂

3.1 Introduction

₂₂

3.2 System Development Process

₂₃

3.2.1 Requirement Planning Phase

₂₄

3.2.2 Design Phase

₂₄

3.2.2.1 System Design

₂₅

3.2.2.2 Database Design

33

3.2.2.3 Interface Design

35

3.2.3 Construction Phase

₄₄

3.2.4 Cutover Phase

₄₄

3.3 Project Requirement

₄₄

IMPLEMENTATION

₄₆

4.1 Introduction

₄₆

4.2 Database Connection

₄₆

4.2.1 Structured Query Language

₄₆

(Sql) Commands

4.2.2 Managing Connection Between

₄₇

System And Database

4.2.3 Stored Procedures

₄₈

4.3 System Implementation

₄₈

4.3.1 Functions Of APMY

₄₈

4.4 Interface Of APMY

49

5

RESULT AND DISCUSSION

61

5.1 Introduction

61

5.2

Testing Result

62

5.2.1

Develop A Prototype Of ATM

62

Application Using Mykad

5.2.2 Result of Questionnaires

63

Constraints

68

Development

68

5.3.2 System Constraint

69

5.4 Further Research

69

6

CONCLUSION

70

REFERENCES

71

APPENDIX A-GANTT CHART

74

APPENDIX B-QUESTIONNAIRE

76

APPENDIX C-BLACK BOX TESTING

78

APPENDIX D-SOFT WARE DEVELOPMENT PLAN

82

APPENDIX

E-SOFT WARE

REQUIREMENT

83

SPECIFICATION

LIST OF TABLES

PAGE

34

35

35

35

45

45

47

61

TABLE NO

TITLE

3.1

Table For User

3.2

Table For Login

3.3

Table For Accounts

3.4

Table For Transaction History

3.5

Hardware Requirements

3.6

Software Requirements

4.1

Function Of SQL Command Used

5.1

Hardware

And

Software

Requirement

For

LIST OF FIGURES

FIGURE NO

TITLE

PAGE

2.1

ATM Use Case

2.2

ATM Flowchart

6

2.3

Slot AtATM

10

2.4

Camera To Record Pin

10

2.5

The Proportion Of Skimming Fraud In UK

1.1

2.6

Mykad

14

2.7

EZ100PU

17

2.8

Methodology

17

2.9

Prototype

19

3.1

Rad Model

23

3.2

Client Server For Smart Card Project

25

3.3

Flowchart For APMY System

26

3.4

Sequence Diagram Of Login

27

3.5

Sequence Diagram Of Language Selection

27

3.6

Sequence Diagram Of Account Selection

28

3.7

Sequence Diagram Of Menu Selection

29

3.8

Sequence Diagram Of Cash Dispenser

29

3.9

Sequence Diagram Of Balance inquiry

30

3.10

Sequence Diagram Of Fund Transfer

31

3.11

Sequence Diagram Of Change Password

32

3.12

Sequence

Diagram

Of

Print

Mini

33

Statement

3.13

ERDOfAPMY

34

3.14

Welcome Page

36

3.15

Login Page

36

3.16

Language Selection

37

3.17

Account Selection

37

3.18

Menu Page

38

3.19

Cash Dispenser Page

38

3.20

Balance Inquiry Page

39

3.21

Change Pin Page

39

3.22

Fund Transfer Page

40

3.23

Print Mini Statement Page

40

3.24

ilalaman Utama Page

41

3.25

Pengeluaran Wang Page

41

3.26

Pertanyaan Baki Page

42

3.27

Penukaran Pin Page

42

3.28

Pindahan Wang Page

43

3.29

Cetak Penyata Wang Page

43

4.1

Data Connection Of APMY

47

4.2

Code Snippet Of Declarations Of Database

48

Connection With Server

4.3

Code Snippet Of Open Connection To

48

Database Method

4.4

Code Snippet Of Obtaining Ic Number

49

From Mykad Into The Text Box

4.5

Code Snippet Of Determining User Exist

49

In The Database Or Does Not Exist

4.6

Welcome Page Of APMY

50

4.7

Login Page

50

4.8

Language Selection

51

4.9

Account Selection

51

4.10

Menu Selection

52

4.11

Cash Dispenser Page

52

4.12

Balance Inquiry Page

53

4.3

Change Pin Page

53

4.15

Print Mini Statement Page

54

4.16

Halaman Utama Page

4.17

Pengeluaran Wang Page

55

4.18

Pertanyaan Baki Page

4.19

Penukaran PIN Page

4.20

Pindahan Wang Page

4.21

Cetak Penyata Wang Page

57

4.22

Coding To Declare Functions Of Smart

58

Card Reader

4.23

Coding To Connect Smart Card Reader To

59

APMY

4.24

Coding To Capture Ic From Mykad

59

4.25

Coding For Error Handling

60

5.1

Scanned Mykad Information

62

5.2

Question 1

63

5.3

Question 2

64

5.4

Question 3

64

Question 4

65

Question 5

65

5.7

Question 6

66

5.8

Question 7

66

Question 8

67

5.10

Question 9

67

5.11

Question 10

68

LIST OF APPENDICES

APPENDIX

TITLE

PAGE

A

Gantt Chart

74

B

Questionnaire

76

C

Black Box Testing

78

D

Software Development Plan(SDP)

82

E

Software Requirement Specification(SRS)

83

1.1 Introduction

Automatic -teller Machine or known as ATM is used by nearly everyone around the world. The use of this machine is for cash withdrawal, cash transfer and many other services. In those days, there were no cases reported of stolen ATM card and unauthorized access into saving accounts. But nowadays, more and more cases have been reported. This problem can be solved by improvising the ATM system.

Automatic-teller-machines (ATM) use magnetic-strips cards to identify and authorize the person accessing them. The card contains details of the user's bank account and is protected by a Personal Identification Number (PIN). Users must enter the PIN connected with their card before they are allowed to perform any transaction with their account. The weakness in that is the only items needed to authorize the ATM transaction is the bankcard which is easily be cloned.

Magnetic-strips card faced a threat which is it can be cloned and therefore easy to be fraud. There have been many cases of bankcard fraud. The bankcard is vulnerable and it only takes few seconds to clone a bani(card using a cloning device.

In order to overcome this problem, bankcard should be replaced with a card that has better security which is MyKad. MyKad has a powerful chip that makes it harder to be cloned.

More and more cases of stolen ATM cards have been reported lately. It is just not that. But later, the owner of the stolen ATM card finds out that his saving account has been emptied. This is mostly the result of bank card cloning. When the thief possess the bank card, there is no need to acquire the PIN as he has the ability to trick the system that the P114 he entered is correct although its not.

Besides that, user will have to bring around the bankcard every time he wants to use the ATM. It is inconvenient for user to bring around many cards whenever he goes out of the houses which are the identification card, license card and bankcards.

Also, in order to own a bankcard, user will have to pay some amount of money for the bankcard itself. It would save the cost if user won't have to create a new bankcard. Instead of paying for the bankcard, user could have use a card that every user has already owned.

1.3 Objectives

The objectives of this project are to:

1) Develop a prototype using MyKad for ATM application.

2) Produce a Produce Software Engineering document such as Software Development Plan(SDP), Software Requirement Specification(SRS) and Software Development Documentation(SDD) in order to develop an ATM application using MyKad.

The scopes of this project are:

1) Account holders as requested by the bank officer of Malayan Banking Berhad. 2) Users for this application are MyCard holder from the age of 12.

3) This application will be tested by 100 users. 4) The device used is EZIOOPU Smart Card Reader.

5) The tools that will be used are Microsoft Visual Studio 2008 and Microsoft SQL Server 2008.

CHAPTER 2

LITERATURE REVIEW

2.1 Introduction

There are many banking companies in the market nowadays. Most of the banking companies offer almost similar services such as saving accounts, loans and much more. In those days, whenever account holders want to withdraw cash, they will have to wait in such a long queue. It is such a waste of time. Then in 1939, Automated Teller Machine (ATM) was invented by Luther Smijian. However, it wasn't until the mid to late 1980s that ATMs became part of mainstream banking. [1]

An automated teller machine (ATM), also known as automatic banking machine (ABM), Cash Machine, or Cash point, is a computerized telecommunications device that provides the clients of a financial institution with access to financial transactions in a public space without the need for a cashier, human clerk or bank teller. [2] Automated teller machines (ATM) became an essential part of the banking business. [3] ATM made life much easier. People do not have to queue up and waste their time just to withdraw cash from their accounts.

ATM system requires the account holder to slot in his bankcard. Then, after the bankcard has been detected, the customer is required to key in his Personal Identification Number (PIN). If matched, customer is now allowed to use any of the services offered.

Every banking company has their own ATM machine, uniquely designed based on their requirements. But the services offered are almost the same.

%M S)%$fl x ' S7tt'm I - I -Ile Pti

CE

Figure 2.1 ATM use case

The services offered are usually cash dispenser, pay bills, print bank statement, balance inquiry, change of PIN and fund transfer.

r

I

CARD PiN aftft

Viidcd

II.

ENER PIN NIJMBER

iic$PiN Thd,n,a1 .,nly CHOOSE A(XOUNT CHEQUE SAVINGS Fs.m c1eqtIe SAount CHOOSE AMOIThTF OF MONEY FOR WITHDRAWAL J,_Ailrnnt C1kn CHOOSE WHETHER TO RECEIVE A RECEHf

77^-^

RECEIVE RECEIPT AND RECEIVE MONEY

MONEY

Figure 2.2 ATM flowchart

The flow of the process in using ATM machine is a simple flow. It begins with the user inserting the bankcard and keying in the PIN in order to perform the wanted task. There is no problem occur in using ATM as it is a simple process. However, the problems occur when the system can be fooled by a cloned card.

is entering the correct PIN where else it's not the right PIN.

Every account user owns a bankcard that needs to be carried around every time he wants to use the ATM. It would be more inconvenience for users that own more than an account.

2.2.1 Magnetic stripe card

ATMs require user to slot in the bankcard and P114 in order to verify the legitimate user. The type of bankcard normal used by banking sector is the magnetic stripe card. Magnetic stripe card is a type of card capable of storing data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card. The magnetic stripe, sometimes called swipe card or magstripe, is read by physical contact and swiping past a magnetic reading head. [4]

A magnetic stripe is the black or brown stripe that you see on your credit card, or maybe the back of your airline ticket or transit card. The stripe is made up of tiny magnetic particles in a resin. The particles are either applied directly to the card or made into a stripe on a plastic backing which is applied to the card.

The material used to make the particles defines the coercivity of the stripe. Coercivity is the measure of how difficult it is to encode information on the magnetic stripe. [6] Standard low coercivity stripes use iron oxide as the material to make the particles, high coercivity stripes are made from other materials like barium ferrite.

-hence the card writers are much cheaper than machines which are capable of recording high-coercivfty magstripes. Because of this, virtually all bank cards today are encoded on high coercivity stripes despite a slightly higher per-unit cost.

After a while since magnetic stripe card is in used, problems begin to occur. It turns out that this card can be easily cloned and fraud. Many people are trying hard to alter and counterfeit them in order to gain fund illegally. It only takes few seconds to clone a bankcard by using a cloning device.

2.3 Weaknesses of ATM

Although ATM is most needed in these modern days, there are drawbacks in using it. Many cash has been stolen from the ATM that causes lost of money from customer's saving accounts. Researchers who work for an Israeli computer security company say they have discovered a fundamental weakness in the system that banks use to keep debit card PIN codes secret while they are transported across bank networks - a flaw that they say could undermine the entire debit card system. [7]

There were many unexpected events happened that proves that ATM is no longer safe. Ng, 29 years old, pleaded guilty to electronically spying on people while they used ATMs. He had planted an electronic skimming device and pin-head camera in 36 ATMs in Sydnqy. [8]

There is also another fraud happened in the same country. A team of organized criminals is installing e

quipment on legitimate bank ATMs in at least two regions to steal both the ATM card number and the PIN. The team sits nearby in a car receiving the information transmitted wirelessly over weekends and evenings from equipment they install on the front of the ATM. [9]

i) $500,000 taken in skimming at a Sovereign Bank in New York City; 600 ATM customers hit in Nashville, TN;

iii) Three ATM skimming operations in Maryland, Illinois and Georgia netted thieves more than $120,000;

iv) 300 credit union members in North Carolina were victims of a skimming scheme;

V) A skimming operation in Houston, TX cost one bank $200,000;

vi) Three men arrested in Boston, MA on charges of ATM [10]

Next reported case is five Namibia men charged of having been part of a fraud ring that allegedly cloned 474 bank credit and debit cards and gift cards and then used the cards at automated teller machines throughout Namibia to withdraw large amounts of cash alleged to total some N$1,467 million from the accounts of customers of British bank Barclays PLC. [111

There is also the most famous modus operandi used by bandits. When an unsuspecting customer inserts his or her card and enters their PIN, a message instructing the user to reenter the PIN is displayed because the machine cannot read the card's magnetic strip.

After several unsuccessful attempts to reenter the PIN, the user finds that he or she cannot remove their card and, in many cases, leaves the machine mistakenly believing that the machine has malfunctioned and retained their card.

In reality, the thief, posing as another customer pretending annoyance over the malfunctioning machine, was able to memorize the user's PIN following the unsuccessful entries, before leaving the area. After the unsatisfied user leaves, the thief returns to the machine, removes the plastic sleeve containing the user's card, reinserts the card without the sleeve, enters the user's PIN and empties their account. [12]

Figure 2.3 shows that another slot is being inserted in order to retained the user's bankcard and made user believed that the ATM has malfunctioned. [13]

-. - 400 - -—o-5nmed 35000 .0 - - - - - - ISDIDO - - -u °2003 ZMA 205 Vew

Figure 2.5: The proportion of skimming fraud in overall UK card fraud according to APACS (2007 figures are estimates based on Ql-Q2). [15]

This proves that the skimming of ATM has reached the critical level and actions must be taken in order to prevent more of unwanted things happen.

2.4 Solutions

Since the existing ATM that uses bankcard and PIN starting to lose the ability of securing the information and cash, other alternative should be implemented in order to stop more unwanted events from happening. A better card in terms of security is needed as a replacement of the bankcard. MyKad is the best replacement as it has higher security level that makes it harder-to be cloned.

Also, as MyKad replaces bankcard, the benefit goes to the user where he does not have to carry around bankcard and he does not needto pay for the bankcard. Every citizen of Malaysia owns a MyKad which should be carried around all the time. Therefore, user can simply use the MyKad to make an ATM transaction.

Magnetic stripe technology remains in wide use in the United States. However, the data on the stripe can easily be read, written, deleted or changed with off-the-shelf equipment. Therefore, the stripe is really not the best place to store sensitive information. To protect the consumer, businesses in the U.S. have invested in extensive online mainframe-based computer networks for verification and processing. [16] in Europe, such an infrastructure did not develop instead, the card carries the intelligence.

Smart cards are credit card-sized plastic cards that contain relatively large amounts of information in an imbedded micro-chip. [17] Smart cards differ from magnetic stripe cards in two ways: the amount of information that can be stored is much greater, and some smart cards can be reprogrammed to add, delete or rearrange data.

Smart cards are the technology of choice when fairly large databases must travel with an individual or an object. [1 8]For instance, a version of smart card technology is used to record service histories for automobiles. The data travels on a small tag on the owner's key ring. It can be reprogrammed, updated and accessed whenever the vehicle is serviced with any of that company's dealers.

As there is a microprocessor on the card, various methods can be used to prevent access to the information on the card to provide a secure environment. [19]This security has been made as the main reason that smart cards will replace other card technologies.

The microprocessor type smart card comes in two flavors - the contact version and the contactiess version. Both types of card have the microprocessor embedded in the card however the contactless version does not have the gold plated contacts visible on the card. [20] The contactless card uses a technology to pass data between the card and the reader without any physical contact being made. The advantage to this contactless system is there are no contacts to wear out, no chance

Of an electric shock coming through the contacts and destroying the integrated circuit, and the

kn_{owledge that the components are completely embedded in the plastic with no external connections.} The dis_{advantage to this is that there are some limitations to the use of the smart card.}

secured compared to bankcarcl.

The possible benefits of the acceptance of smart card technology depend on the application in use. However, the ability to move large amounts of data with little or no increase in the security of the data will lead to many new applications being created that haven't been developed yet.

2.4.2 Types of smart card

There are two types of smart card. The first is really a "dumb" card which only contains memory. [22] These cards are used to store information. Examples of this might include stored value cards where the memory stores a dollar value which the user can spend in a variety of transactions. Examples might be pay phone, retail, or vending machines. Another example of a "dumb" card is the memory that is plugged into a Personal Computer (PC Card - used to be called PCMCIA).

The second type of card is a true "smart" card where a microprocessor is embedded in the card along with memory. Now the card actually has the ability to make decisions about the data stored on the card. The card is not dependent on the unit it is plugged into to make the application work. A smart purse or multi-use card is possible with this technology.

2.4.3 Identification card (MyKad)

"Malaysia will have the world's first national multi-purpose smart card One card will have the individual's identification and electronic signature and access to government,

banking, credit telephone transport and medical services." These are the words told by Dato' Seri

Dr. Mahathir Mohammad Prime Minister of Malaysia, speaking at the launching of the Multimedia Super Corridor on 1st August 1996. [23]