System design: Design an ATM Machine

Jayaprasanna Roddam - Oct 8 - Dev Community

An ATM (Automated Teller Machine) system must handle user authentication, cash withdrawal, balance inquiry, and other transactions securely and reliably.

Here’s how we would approach designing an ATM, step-by-step, covering both functional and non-functional aspects, and ensuring the design is scalable, secure, and easy to maintain.


1. Functional Requirements

The basic functionality of an ATM includes:

  1. Card Authentication: Validate the ATM card.
  2. PIN Verification: Securely verify the user’s PIN.
  3. Account Selection: Allow users to select the type of account (e.g., savings, checking).
  4. Cash Withdrawal: Allow users to withdraw money.
  5. Balance Inquiry: Check the account balance.
  6. Deposit Money: Accept cash or checks.
  7. Transaction History: Provide a summary of recent transactions.
  8. Fund Transfer: Transfer money between accounts.
  9. Printing Receipts: Provide receipts for transactions.
  10. Security Alerts: Provide alerts in case of failed transactions or multiple failed PIN attempts.

2. Non-Functional Requirements

  • Availability: The ATM should have high availability (99.99%), since users may access it at any time.
  • Security: Ensure that the ATM is highly secure, encrypting all sensitive data (PIN, account numbers).
  • Performance: The ATM should process transactions quickly, within a few seconds.
  • Reliability: The machine should not go offline unexpectedly and should handle failures gracefully.
  • Scalability: Support for a large number of users and transactions across multiple ATMs.
  • Fault Tolerance: Should have backup mechanisms in case of hardware or software failures.
  • Auditing and Logging: Keep track of every transaction and store logs for auditing purposes.

3. High-Level Components

The ATM system can be broken down into several key components:

ATM Machine (Frontend)

  1. Card Reader: Reads the magnetic strip or chip on the ATM card.
  2. Keypad: Allows the user to input their PIN and other necessary information.
  3. Screen: Displays user instructions and transaction details.
  4. Cash Dispenser: Dispenses the requested amount of cash.
  5. Deposit Slot: Allows users to deposit cash or checks.
  6. Printer: Prints receipts for transactions.
  7. Network Module: Connects the ATM machine to the bank’s central system.
  8. Security Camera: Monitors ATM transactions to prevent fraud.

ATM Software

  1. UI/UX Module: Responsible for displaying messages and prompts to the user.
  2. Authentication Module: Handles card authentication and PIN verification.
  3. Transaction Module: Handles cash withdrawals, balance inquiries, deposits, and fund transfers.
  4. Cash Management System: Tracks the amount of cash left in the ATM and triggers replenishment requests.
  5. Error Handling Module: Detects and logs hardware or software failures.
  6. Logging and Auditing Module: Logs all transactions for auditing and security purposes.

Backend System (Bank Servers)

  1. User Account Service: Stores user account details, balances, and transaction history.
  2. Transaction Service: Processes transactions like withdrawals, deposits, and fund transfers.
  3. Authorization Service: Validates the card and PIN, handles account verification, and enforces security checks.
  4. Cash Management Service: Keeps track of how much cash is in each ATM machine and facilitates replenishment.
  5. Fraud Detection System: Monitors transactions for unusual patterns that could indicate fraud.
  6. Audit and Reporting System: Provides detailed reports on ATM usage and transactions for the bank.

4. ATM Workflow

Step 1: User Authentication

  1. Insert Card: The user inserts their card into the card reader.
  2. Read Card Details: The card reader reads the card number, expiration date, and other metadata.
  3. Enter PIN: The user enters their PIN using the keypad.
  4. Validate Card & PIN: The ATM machine sends the card and PIN details to the bank’s authorization service, where the card and PIN are validated against the bank’s records. The PIN is encrypted during transmission.
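
An added sketch (not code from the original post) of the authorization service's PIN check, with the failed-attempt lockout and security alert listed in the functional requirements. It assumes the simplified model used on this page, where the backend stores a hash of the PIN; `AuthorizationService`, `MAX_ATTEMPTS`, `PEPPER` and the card numbers are hypothetical.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3         # assumed policy; the page only says "multiple failed PIN attempts"
PEPPER = os.urandom(32)  # stand-in for a server-side secret that would live in an HSM

def hash_pin(pin: str, salt: bytes) -> bytes:
    # A 4-digit PIN has only 10,000 values, so a salted hash alone can be
    # brute-forced offline; keying it with a server-side secret prevents that.
    keyed = hmac.new(PEPPER, pin.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, 100_000)

class AuthorizationService:
    def __init__(self):
        self.cards = {}   # card_number -> salt, pin_hash, failed count, locked flag
        self.alerts = []  # security alerts raised for the bank

    def enroll(self, card_number: str, pin: str) -> None:
        salt = os.urandom(16)
        self.cards[card_number] = {"salt": salt, "pin_hash": hash_pin(pin, salt),
                                   "failed": 0, "locked": False}

    def verify(self, card_number: str, pin: str) -> str:
        card = self.cards.get(card_number)
        if card is None:
            return "DECLINED"
        if card["locked"]:
            return "LOCKED"  # a correct PIN is not accepted once the card is locked
        candidate = hash_pin(pin, card["salt"])
        if hmac.compare_digest(candidate, card["pin_hash"]):  # constant-time compare
            card["failed"] = 0
            return "OK"
        card["failed"] += 1
        if card["failed"] >= MAX_ATTEMPTS:
            card["locked"] = True
            self.alerts.append(("CARD_LOCKED", card_number))
            return "LOCKED"
        return "DECLINED"
```

The attempt counter lives on the server, so moving the card to another ATM does not reset it.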

Step 2: Select Transaction Type

  1. Choose Action: The user selects an action (e.g., cash withdrawal, balance inquiry).
  2. Select Account: If the user has multiple accounts (e.g., savings, checking), they will be prompted to choose which account they want to use.

Step 3: Transaction Processing

  • For Cash Withdrawal:

    1. Enter Amount: The user enters the amount to withdraw.
    2. Check Balance: The ATM contacts the bank’s transaction service to check the user’s account balance and verify sufficient funds.
    3. Deduct Funds: The system deducts the requested amount from the user’s account.
    4. Dispense Cash: The ATM’s cash dispenser releases the specified amount of cash to the user.
    5. Print Receipt: A receipt is printed with transaction details.
  • For Balance Inquiry:

    1. Query Balance: The ATM requests the user’s account balance from the backend.
    2. Display Balance: The balance is displayed on the screen.
  • For Deposits:

    1. Insert Cash or Checks: The user inserts cash or checks into the deposit slot.
    2. Count and Validate: The ATM counts and validates the deposit.
    3. Update Account: The backend system updates the user’s account balance to reflect the deposit.

Step 4: Log and Synchronize Transaction

  • Log Transaction: The transaction details are logged both in the ATM machine and the bank’s backend for auditing purposes.
  • Send Confirmation: The user’s mobile number or email can be used to send a confirmation for the transaction.

Step 5: Error Handling

  • In the event of an error (e.g., if the ATM runs out of cash), the error is logged, and the ATM system will notify the bank for resolution.
  • If the transaction fails (e.g., insufficient funds), the user is informed on the screen and prompted to retry or cancel the transaction.
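
The withdrawal and error-handling steps above as an added sketch (not code from the original post): the balance check and deduction happen as one atomic step, and the debit is reversed if the dispenser fails after funds were deducted. `TransactionService`, `Atm`, `DispenserError` and the status strings are hypothetical names, and the in-memory balances stand in for the bank's database.

```python
import threading
import uuid

class DispenserError(Exception):
    """The cash dispenser could not deliver the requested amount."""

class TransactionService:  # hypothetical stand-in for the bank backend
    def __init__(self, balances):
        self.balances = dict(balances)
        self.audit_log = []  # (txn_id, status, amount)
        self._lock = threading.Lock()

    def debit(self, account, amount, txn_id):
        # Check and deduct atomically so two ATMs cannot spend the same funds.
        with self._lock:
            if self.balances.get(account, 0) < amount:
                self.audit_log.append((txn_id, "DECLINED", amount))
                return False
            self.balances[account] -= amount
            self.audit_log.append((txn_id, "DEBITED", amount))
            return True

    def reverse(self, account, amount, txn_id):
        with self._lock:
            self.balances[account] += amount
            self.audit_log.append((txn_id, "REVERSED", amount))

class Atm:
    def __init__(self, bank, cash_on_hand):
        self.bank, self.cash_on_hand = bank, cash_on_hand

    def dispense(self, amount):
        if amount > self.cash_on_hand:
            raise DispenserError("ATM out of cash")
        self.cash_on_hand -= amount

    def withdraw(self, account, amount):
        if amount <= 0:  # a negative "withdrawal" would credit the account
            return "INVALID_AMOUNT"
        txn_id = str(uuid.uuid4())
        if not self.bank.debit(account, amount, txn_id):
            return "INSUFFICIENT_FUNDS"
        try:
            self.dispense(amount)
        except DispenserError:
            # Funds were already deducted: credit them back; reverse() audits it.
            self.bank.reverse(account, amount, txn_id)
            return "REVERSED"
        self.bank.audit_log.append((txn_id, "DISPENSED", amount))
        return "OK"
```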

5. Data Storage and Flow

Key Data

  1. User Data: Account number, balance, transaction history, PIN (hashed/encrypted).
  2. ATM Data: Cash available in the ATM, logs of previous transactions, hardware health status.
  3. Transaction Data: Transaction ID, amount, account details, timestamp, and status (success/failure).

Databases

  • User Database: Stores user account data, balances, and transaction histories (e.g., relational DB like MySQL/PostgreSQL).
  • ATM State DB: Stores information about each ATM, such as location, cash status, hardware health, etc.
  • Audit Logs DB: Keeps detailed logs of all transactions for security and compliance purposes.

6. Security Considerations

Encryption

  • PIN Encryption: The PIN must be encrypted (e.g., using AES) both at rest and in transit to prevent interception or theft.
  • Communication Encryption: All communication between the ATM and the bank servers should be encrypted using HTTPS or a secure VPN.

Authentication

  • Two-Factor Authentication: Optionally, use 2FA for additional security, where users receive a one-time password (OTP) on their phone before completing certain transactions.

Hardware Security

  • Anti-Tampering: Physical anti-tampering mechanisms (e.g., alarms, sensors) to prevent unauthorized access to the ATM’s hardware.

Software Security

  • Session Timeout: After a period of inactivity, the ATM should time out and return to the home screen, ensuring user privacy.
  • Fraud Detection: Use backend algorithms to detect unusual transaction patterns and block fraudulent activity.

7. Fault Tolerance and High Availability

Backup Cash Dispenser

  • Use redundant cash dispensing hardware to ensure users can withdraw cash even if one cash dispenser fails.

Database Replication

  • Use master-slave database replication to ensure that the ATM remains operational even if one database server goes down.

Failover Mechanisms

  • If one ATM node or component fails, the system should automatically reroute user requests to another ATM or data centre without affecting service.

8. Scalability

To scale the system across multiple ATMs and locations:

  • Load Balancing: Use load balancers to distribute requests among multiple backend servers.
  • Horizontal Scaling: Add more ATMs and backend servers as the user base grows.
  • Sharding: Split the database by regions (e.g., city-wise or state-wise) to reduce latency and ensure quick transaction processing.