High-Level Critical Business Service
CBS-10 – Self-service Terminal
Overview of Operational Resilience in Maybank
Operational resilience at Maybank is the ability to prevent, adapt to, respond to, recover from, and learn from operational disruptions that may impact critical business services (CBS).
In compliance with Bank Negara Malaysia (BNM) guidelines and global resilience standards, Maybank has identified several CBS areas vital to financial stability and customer trust.
Introduction
In today’s fast-paced banking environment, customers demand instant and convenient access to financial services. Maybank’s Self-Service Terminals (SSTs), encompassing ATMs and self-service kiosks, are critical to ensuring uninterrupted banking operations and customer accessibility.
This chapter explores CBS‑10, a high-level critical business service, focusing on how SSTs contribute to operational resilience, maintain service continuity, and safeguard customer trust.
By examining the detailed sub-processes, readers will gain a clear understanding of how Maybank sustains essential banking functions even during service disruptions.
Summary of Content
This chapter provides a comprehensive breakdown of the SST ecosystem, including authentication methods, transaction processing, and contactless cash withdrawal via the MAE app.
It details deposit management, account inquiries, availability monitoring, security controls, and customer support procedures for service interruptions.
Each sub-critical business service (Sub-CBS) is mapped to its key processes, with emphasis on operational continuity, risk mitigation, and fraud prevention.
The chapter also highlights the integration of digital banking solutions with physical terminals, illustrating Maybank’s strategy to enhance resilience while meeting evolving customer expectations.
Purpose of the Chapter
The purpose of this chapter is to equip readers with a deep understanding of how Maybank’s SSTs function as a critical business service, ensuring continuous service delivery under normal and disrupted conditions.
By the end of this chapter, readers should be able to identify the essential processes that sustain SST operations, understand the controls and monitoring mechanisms in place for operational resilience, and appreciate the role of digital innovations in supporting service continuity.
Overview
This critical service enables customers to conduct banking transactions via self-service channels—including ATMs and kiosks—ensuring accessibility even when branches are unavailable.
Maybank’s SST includes card-based and contactless (via MAE app) functionality.
Sub-Critical Business Services (Sub-CBS) & Business Processes
1. SST Authentication & Access
- Card-based authentication
  - Insert ATM/debit card → Enter PIN → Authenticate.
- Contactless authentication via the MAE app (“ATM Cash-out”)
  - Activate the feature in the MAE app; wait for a 24-hour cooling period.
  - At the ATM, scan the QR code with the MAE app → Authenticate via biometric or app PIN → Verify via Secure2u.
2. Transaction Processing
- Withdrawal / Cash-out
  - User selects amount → Confirm account → ATM dispenses cash.
  - Contactless withdrawal follows a similar flow after mobile authorisation.
- Deposit (Cash / Cheque)
  - Insert deposit into appropriate slot; machine counts; issues receipt.
  - If the deposit is interrupted (e.g., a “service interrupted” message), the bank reconciles and investigates; the amount is refunded if confirmed.
- Account Enquiry / Mini-Statement
  - Request balance/statement, authenticate, display, and optionally print.
3. Contactless Feature Activation & Management
- Navigate within the MAE app: select “ATM Cash-out” → Authenticate with M2U credentials → Accept T&Cs → Approve via Secure2u → Feature activates after cooling period.
- Receive SMS/push notification once activated
- Daily limits are shared between card and Cash-out; no extra fees
4. ATM Availability & Status Monitoring
- Service availability: Ensure ATM operational status, including contactless readiness (as indicated on the machine).
- Notifications: Notify customers during system downtime—for instance, Maybank alerted the public to POS-terminal maintenance in May 2025
- Incident handling: Provide alternative channels (e.g., branch, other ATMs) during downtime.
5. Security & Resilience Controls
- Security measures: Use secure authentication (PIN, biometric, Secure2u), with cooling periods to mitigate fraud
- Incident response & DR: Implement incident response procedures, disaster recovery exercises, and monitoring via RSOC / CIC
- Fraud handling: Offer customer redress and monitoring for suspicious activity
6. Customer Support & Remediation
- Provide support for unsuccessful or interrupted transactions (e.g., deposit issues) via call centre and resolution procedures
- In case of service failures (e.g., outage affecting SSTs), communicate via alerts and ensure timely recovery
Table: Sub-CBS & Processes for CBF-10
| Sub-CBS Code | Sub-CBS | Key Activities |
|---|---|---|
| 10-1 | Authentication & Access | Card/PIN login; MAE app QR + Secure2u, activation, cooling period |
| 10-2 | Withdrawal (Card & Contactless) | Amount selection, account selection, cash dispensing, and limit enforcement |
| 10-3 | Deposit & Inquiry | Deposit interface, slip receipt, mini-statement, interruption handling |
| 10-4 | Activation & Setup (Cash-out) | MAE setup flow, cooling, notifications |
| 10-5 | Availability Management | Monitor operational status, maintenance alerts, and fallback planning |
| 10-6 | Security & Resilience | Authentication, fraud detection, RSOC/CIC, DR, incident response |
| 10-7 | Customer Support & Recovery | Troubleshoot deposits, report failures, and outage communication |
Why This Matters for Operational Resilience
- Redundancy & Continuity: Multiple SST channels (card versus contactless; multiple ATMs) offer service availability even when one channel fails.
- Security Safeguards: Use of Secure2u, cooling-off periods, and RSOC/CIC threat monitoring enhances protection against fraud.
- Incident Preparedness: DR exercises, system monitoring, and communication workflows ensure prompt recovery from outages.
- Customer Assurance: Clear support channels and transactional transparency underpin trust during disruptions.
Maybank’s Self-Service Terminals are a vital pillar of the bank’s operational resilience, bridging physical and digital banking channels.
Through detailed sub-process analysis, this chapter has demonstrated how SSTs maintain high availability, secure transaction processing, and rapid incident response.
By understanding these processes, readers gain insights into the mechanisms that enable Maybank to provide reliable, secure, and convenient banking services, even in the face of potential disruptions.
SSTs thus exemplify the integration of technology, process management, and risk mitigation in modern banking operations.