![BB OR [A] 6](https://blog.bcm-institute.org/hs-fs/hubfs/BB%20OR%20%5BAi%20Gen%20Blog%20Photo%5D/OR%20Pictures%20A/BB%20OR%20Folder%20A/BB%20OR%20%5BA%5D%206.jpg?width=2000&height=1333&name=BB%20OR%20%5BA%5D%206.jpg "BB OR [A] 6")
Severe but Plausible Scenarios
CBS-10 – Self-service Terminal
Introduction
Self-service terminals (SSTs), including automated teller machines (ATMs), cash deposit machines, and self-service kiosks, form a critical component of Maybank’s retail banking services.
They provide customers with 24/7 access to essential banking functions, including withdrawals, deposits, account inquiries, and card-related services.
As Critical Business Services (CBSs), SSTs must remain resilient against a range of operational, cyber, and technology-related threats. Identifying severe but plausible scenarios allows Maybank to anticipate disruptions, prepare mitigation measures, and align with regulatory requirements for operational resilience.
This section outlines severe yet realistic scenarios for each sub-process under CBS-10: Self-service Terminal, and links them to cyber and ICT risk integration and proactive risk management actions.
Table: Severe but Plausible Scenarios for CBS-10
|
Sub-CBS Code |
Sub-CBS |
Severe but Plausible Scenario |
Integration of Cyber & ICT Risks |
Evidence of Proactive Risk Management Action |
|
10-1 |
Authentication & Access |
Large-scale credential-skimming attack in which fraudsters install advanced skimming/malware devices on multiple ATMs across Malaysia. |
Cyber risk: compromised card/PIN data; ICT risk: malware injection on terminal OS. |
Deployment of anti-skimming devices, biometric authentication trials, and regular penetration testing. |
|
10-2 |
Withdrawal (Card & Contactless) |
Massive service outage due to switch/network provider disruption during peak holiday season, preventing withdrawals nationwide. |
ICT risk: switch failure; Cyber risk: DDoS on transaction switch. |
Dual-site switch redundancy, transaction rerouting protocols, and real-time DDoS monitoring. |
|
10-3 |
Deposit & Inquiry |
Cash deposit fraud involving counterfeit currency undetected by machines, followed by simultaneous malware injection to manipulate balance inquiries. |
Cyber risk: malware manipulating inquiry data; ICT risk: hardware integrity failure in deposit validation. |
Enhanced counterfeit detection systems, machine learning anomaly detection, and forensic monitoring of transaction logs. |
|
10-4 |
Activation & Setup (Cash-out) |
Widespread “jackpotting” attacks where criminals force ATMs to dispense cash through malware or unauthorized access to cash loaders. |
Cyber risk: ATM malware/jackpotting; ICT risk: compromise of cash management system. |
Endpoint hardening, remote terminal isolation capabilities, and red-teaming simulations on cash-out attacks. |
|
10-5 |
Availability Management |
Power grid failure or telecommunication blackout in key urban areas (e.g., Kuala Lumpur), leaving large clusters of ATMs unavailable. |
ICT risk: dependency on telco & power; Cyber risk: ransomware targeting ATM network availability. |
Backup power sources, multiple telco routing, and ransomware tabletop exercises. |
|
10-6 |
Security & Resilience |
Coordinated cyber-physical attack where terminals are simultaneously vandalized and subjected to malware attacks, overwhelming response capacity. |
Cyber risk: coordinated malware deployment; ICT risk: physical resilience breach. |
Integrated SOC + physical security monitoring, geo-tracking of incidents, and emergency dispatch protocols. |
|
10-7 |
Customer Support & Recovery |
Surge in customer complaints due to fraudulent withdrawals linked to ATM compromise, overwhelming call centres and digital helpdesks. |
Cyber risk: phishing/social engineering post-ATM compromise; ICT risk: overload of support infrastructure. |
AI-driven call deflection, trained incident response playbooks, and crisis communication templates. |
![[BCM] [Thin Banner] Summing Up](https://blog.bcm-institute.org/hs-fs/hubfs/BCM%20Generic%20Banner/%5BBCM%5D%20%5BThin%20Banner%5D%20Summing%20Up.png?width=1920&height=250&name=%5BBCM%5D%20%5BThin%20Banner%5D%20Summing%20Up.png)
The identification of severe but plausible scenarios for CBS-10: Self-service Terminal ensures Maybank is prepared to manage a broad spectrum of risks, from cyber-enabled fraud to large-scale operational disruptions.
By integrating cyber and ICT risk considerations, Maybank enhances its ability to anticipate interconnected vulnerabilities across self-service channels.
Evidence of proactive risk management, such as anti-skimming technology, redundancy protocols, and incident simulations, demonstrates commitment to customer trust and regulatory expectations.
Ultimately, scenario identification is not only a regulatory requirement but also a cornerstone of operational resilience, ensuring that critical banking services remain available and secure under severe conditions.
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the [OR-3] OR-300 Operational Resilience Implementer course and the [OR-5] OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
