Security Guidelines for the Design of ATM Interfaces

In Peru, 41% of the population over 18 is banked and 76% of them use an Automatic Teller Machine or ATM. However, in some cases the interaction between the users and the ATM (and the User Experience in general) could be frustrating and presents inconveniences in topics about trust and security, considering that clients are mainly carrying out operations that involve withdrawal and depositing of their own money in cash. In that sense, the influence of security (and the perception of security by the user) in the experience of using ATM, given their nature and form of use, has been evidenced. According to the above, we found in the literature that specific design and heuristic guidelines have been proposed for the usability of ATM interfaces, but no specific guidelines for other relevant aspect such as the security of those interfaces. The main objective of this work is to provide a proposal of security guidelines for the design of ATM interfaces, which complement existing guidelines on other facets of the User Experience, such as, Usability and Accessibility, which seeks to strengthen the User Experience of the product. To obtain the mentioned guidelines, a compilation of good practices, recommendations and guidelines found in Peruvian and international literature and regulations was made. For the validation of this proposal, these guidelines were validated through expert judgment by three ATM interface design experts and four domain experts working in 3 of the most important banks in Peru. As a result, we proposed seven ATM interface security guidelines and their respective definitions. From this work, we can conclude the importance of not just evaluating Usability but also complementing security issues when it comes to a channel as sensitive as ATMs, and in that sense, for this domain, consider security as an important part of the User Experience.