Map Processes and Resources
CBS-10 – Self-service Terminal
Introduction
Self-service terminals (SSTs), including Automated Teller Machines (ATMs) and Cash Deposit Machines (CDMs), are critical to Maybank’s retail banking ecosystem in Malaysia.
They provide essential customer services such as authentication, cash withdrawals, deposits, inquiries, and account activation, while also ensuring the resilience and availability of banking functions beyond traditional branch operations.
Under the operational resilience framework, it is necessary to map the processes and resources that underpin these critical services to identify vulnerabilities, dependencies, and potential single points of failure.
This structured mapping provides visibility into how people, processes, technology, and third-party vendors interconnect to deliver the service, and highlights upstream and downstream dependencies that may affect continuity.
The following sections detail the mapping of each sub-CBS under CBS-10: Self-service Terminal.
Table: Map Processes and Resources for CBS-10
|
Sub-CBS Code |
Sub-CBS |
Processes |
People |
Technology (Applications & Infrastructure) |
Third-party Vendors |
Upstream / Downstream Dependencies |
|
10-1 |
Authentication & Access |
• Customer identity verification via ATM PIN/biometrics / contactless card • Transaction initiation • Session timeout controls |
• ATM operations staff • IT security team • Fraud monitoring & risk management |
• ATM OS & middleware • Authentication servers • Card management system (CMS) • Network security (firewalls, VPN) • Encryption modules (HSM) |
• Card scheme providers (Visa, Mastercard, MEPS) • Biometric solution providers |
• Core banking system (CBS) for validation • Network connectivity providers • Downstream: withdrawal, deposit, inquiry modules |
|
10-2 |
Withdrawal (Card & Contactless) |
• Card insertion or NFC tap • PIN verification • Transaction approval • Cash dispensing |
• Branch operations team • Cash management & logistics staff • ATM reconciliation staff |
• Cash dispenser module • ATM switching system • Core banking host system • Cash management application |
• Cash logistics vendors (e.g., G4S, Brink’s) • ATM manufacturers (Diebold Nixdorf, NCR) • Network service providers |
• Upstream: Authentication (10-1) • Downstream: Reconciliation & settlement with CBS • Dependencies on branch vault operations |
|
10-3 |
Deposit & Inquiry |
• Accept cash/cheque deposits • Validate notes (counterfeit detection) • Update customer account balances • Account inquiry requests (balance, mini-statement) |
• Branch operations team • IT support for deposit validation • Reconciliation & finance team |
• Deposit acceptor modules • Cheque imaging systems • CBS integration • ATM transaction switch |
• Cheque clearing houses • Note validation vendors |
• Upstream: Authentication (10-1) • Downstream: Core banking posting & settlement • Clearing systems (for cheques) |
|
10-4 |
Activation & Setup (Cash-out) |
• New ATM card activation • Contactless / NFC setup • First-time PIN generation/reset • Service configuration |
• Customer service officers • Card operations staff • IT card management support |
• Card management system (CMS) • PIN management system • ATM network • Secure key management (HSM) |
• Card scheme partners • PIN mailer/secure PIN service providers |
• Upstream: Authentication (10-1) • Downstream: Withdrawal and account services |
|
10-5 |
Availability Management |
• Monitoring ATM uptime & availability • Fault detection & escalation • Incident logging & resolution |
• IT operations monitoring staff • ATM field engineers • Incident management team |
• ATM monitoring tools • Network management system • Ticketing & incident management platform • Power supply & UPS systems |
• ATM vendors (NCR, Diebold) • Telecom providers • Facility management providers |
• Upstream: Core network availability • Downstream: Customer experience & SLA reporting |
|
10-6 |
Security & Resilience |
• ATM physical security controls • Cybersecurity monitoring • Fraud detection (skimming, malware) • Regular patching & updates |
• Security operations centre (SOC) • Fraud investigation unit • ATM security team |
• Intrusion detection systems (IDS) • Endpoint protection for ATM OS • Video surveillance systems (CCTV) • SIEM platform |
• Security equipment providers • Anti-skimming solution vendors • Managed security service providers (MSSPs) |
• Upstream: Authentication & CMS • Downstream: Incident response & law enforcement |
|
10-7 |
Customer Support & Recovery |
• Customer support for failed transactions • Dispute handling (dispense error, double debit) • Refund/reversal processing • Crisis recovery for ATM services |
• Contact centre agents • Customer care team • Reconciliation & settlement team |
• CRM system • Dispute management platform • ATM transaction logs • CBS interface for refunds |
• Call centre outsourcing partners • CRM vendors |
• Upstream: All transaction modules (10-1 to 10-6) • Downstream: Settlement & reconciliation with CBS, customer notification systems |
![[BCM] [Thin Banner] Summing Up](https://blog.bcm-institute.org/hs-fs/hubfs/BCM%20Generic%20Banner/%5BBCM%5D%20%5BThin%20Banner%5D%20Summing%20Up.png?width=1920&height=250&name=%5BBCM%5D%20%5BThin%20Banner%5D%20Summing%20Up.png)
The mapping of processes and resources for CBS-10: Self-service Terminal demonstrates the intricate ecosystem that enables Maybank to deliver continuous and secure banking services through its ATM and CDM networks.
Each Sub-CBS relies on a complex integration of people, processes, technology, and third parties, with significant interdependencies across core banking systems, card networks, and infrastructure providers.
By identifying these dependencies and systematically mapping them, Maybank can strengthen operational resilience through improved scenario testing, contingency planning, and targeted investment in risk mitigation.
This proactive approach ensures customers continue to have access to essential banking services, even during severe but plausible disruptions, thus safeguarding trust and confidence in the bank’s digital and self-service channels.
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the [OR-3] OR-300 Operational Resilience Implementer course and the [OR-5] OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
