On the other hand, if the user does not have sufficient funds and cannot withdrawal, they are notified that no withdrawal can be made at that time. If the user can withdrawal N amount, they are prompted to confirm that N amount is to be withdrawn. A message output depends on whether the user can or cannot withdrawal. User withdrawalsĮach time a user wants to withdrawal N amount, the bank system internally determines whether they can or cannot withdrawal N amount by checking bank account records of the user. These steps included limiting the amount of information displayed on the screen and using generic messages when a transaction is not successful. The high-level design recognized the threat sensitive data exposure had on PII and took steps to mitigate the vulnerability. A high-level design of the ATM system will be used as the basis for tests. Before we come to a conclusion, we will conduct a black box test to understand how the design reacts to various tests. The assumption will be that the current design does not recognize the sensitive data exposure as a threat. It is difficult to determine whether the current design of ATM system mitigates sensitive data exposure because it does not explicitly outline how it addresses or if it recognizes the threat. Is threat mitigated by the current design? This article is going to focus on the transaction feature/function of the ATM design because this is where the vulnerability is likely to occur.
While the user navigates the ATM system, one threat that could pose as a danger to personal identifiable information (PII) is sensitive data exposer. The ATM is designed in a way that once a user has successfully inserted a valid bank card and enters a valid four-digit pin, they are presented with four transaction options: withdrawal, deposit, transfer, and account inquiry. Note: ATM Use Cases diagram can be viewed on the following link ATM Example Use Case Sensitive Data Exposer: Black Box and White Box Test Cases