Question

There are two points of failure:

  1. The ATM gives out the money and then sends a deduction request to its bank. What happens if the request fails? The user got the money but his account hasn't been deducted: fail.
  2. The ATM sends a deduction request to its bank, the bank deducts the value and sends a response back to the ATM, and the response fails (disappears). The user was deducted but hasn't got his money: fail.

Who knows the solution used in real life?


Solution

Disclaimer: For the following part, I'm saying most, because I obviously don't have experience with all banking systems.


Just like any system which needs to be really fast, even banks are eventually consistent. When you're implementing such a system, you really want it to be online as much as possible. Any possible downtime will hurt your business, because you're delaying the customer in whichever situation they currently are in. And believe me, a slowly responding banking system is a really awful experience for retailers too. It hurts everyone.

To stay as available and fast as possible, most ATMs and/or card terminals don't verify your balance and process the transaction against the master in real time. With the amount of transactions, that would flood the system.

The owners of banks know that the majority of requests to withdraw money from an ATM or to issue a card transaction are going to succeed. Because of this, when you do actually want to withdraw money from an ATM, the machine pings the bank's very quick and scalable read model to very quickly check whether you have the desired amount or not. Know that this ping is done on a replica and thus may not be in real-time sync with the master.

Once the ping is done and your status is verified, the ATM notes that you have made a withdrawal and dispenses the money. Every configured period the ATM then collects all withdrawals made and sends them to appropriate authorities.

Some ATMs might be (and usually are) more complex and remember some information about your account from the card, so that they don't have to ping the bank every time. Thanks to this, the ATM alone usually prevents you from withdrawing $500 and then $500 right after when your account only contains e.g. $501. In this case the first withdrawal is fine, the second is not, because the ATM remembers you had $501 and have withdrawn $500, so your theoretical balance is $1. Obviously, if the ATM is one of the dumber ones which ping the banking association every time, the replica is still likely to reply with $501 even on the second withdrawal, and even the second withdrawal will be allowed. But this is still not a problem.

Because banks actually don't mind you going into a negative balance, they even allow these temporary hiccups and implement a reporting system which notifies administrators and support in case someone's balance becomes negative. This in turn may trigger other processes, such as starting to bill you for the time you have a negative account balance, and so on.

While banking might seem really strict and feels like every single operation must be consistent, availability is a much more important aspect when it comes to banking, therefore banks are programmed that way.


To answer your questions directly:

The ATM gives out the money and then sends a deduction request to its bank. What happens if the request fails? The user got the money but his account hasn't been deducted: fail.

To prevent this problem, ATMs are implemented to record both the withdrawal request (containing information about how much you want to withdraw) and an event about withdrawal completion.

When the WithdrawalRequested event is stored, the ATM starts giving you the money. If it dies right after giving you the money but before storing the WithdrawalCompleted event, this is not a problem.

  1. After a reboot the ATM will in some way sum all successful withdrawals made and subtract that sum from the original amount of money inserted into the ATM.
  2. The ATM will find the inconsistency, namely that it is in fact missing $500, find all requests without a WithdrawalCompleted event, and if there is an incomplete request it [the ATM] will simply complete it.

Ad 2. If the ATM is unable to find a matching withdrawal, it sends a report to authorities that this has happened and it will have to be investigated.

Now, if you do request a withdrawal and the ATM dies before even recording the WithdrawalRequested event, this is not a problem; simply nothing will happen. But if the ATM dies between storing WithdrawalRequested and actually giving you the money, then as before, after the reboot measures need to be taken so that the request is not actually sent to the authorities, once again by verifying the current state of the money in the ATM. In this case the money would match the original amount of funds minus the sum of completed withdrawals, and the request will simply be discarded (still possibly notifying someone that the problem has occurred).
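The reboot-time reconciliation described above, as an added example that is not part of the original answer. The event log, cash amounts and the `reconcile` helper are constructed here; the one generalization beyond the text is that several incomplete requests are handled in log order, each being completed only while the cash shortfall still covers it.

```python
from dataclasses import dataclass

# Constructed sample log, not from any real ATM: (event_type, request_id, amount).
# The ATM appends WithdrawalRequested before dispensing and WithdrawalCompleted after.
SAMPLE_LOG = [
    ("WithdrawalRequested", "r1", 200),
    ("WithdrawalCompleted", "r1", 200),
    ("WithdrawalRequested", "r2", 500),   # no completion event: ATM died mid-withdrawal
]

@dataclass
class Outcome:
    completed: list   # request ids now treated as completed (the cash left the safe)
    discarded: list   # request ids dropped (the cash never left the safe)
    reports: list     # notices for operators / investigation

def replay(events):
    """Rebuild per-request state from the append-only event log."""
    requests, done = {}, set()
    for kind, rid, amount in events:
        if kind == "WithdrawalRequested":
            requests[rid] = amount
        elif kind == "WithdrawalCompleted":
            done.add(rid)
        else:
            raise ValueError(f"unknown event {kind!r}")
    return requests, done

def reconcile(events, loaded_cash, counted_cash):
    """Run after a reboot: expected cash = loaded cash minus completed withdrawals;
    any shortfall against the physically counted cash must be explained by
    incomplete requests, otherwise it is reported for investigation."""
    requests, done = replay(events)
    expected = loaded_cash - sum(a for rid, a in requests.items() if rid in done)
    shortfall = expected - counted_cash
    out = Outcome([], [], [])
    for rid, amount in requests.items():          # log order, oldest first
        if rid in done:
            continue
        if shortfall >= amount:                   # cash is gone: the dispense happened
            out.completed.append(rid)
            shortfall -= amount
        else:                                     # cash still present: dispense never happened
            out.discarded.append(rid)
            out.reports.append(f"{rid}: discarded incomplete request for {amount}")
    if shortfall != 0:                            # unexplained difference: investigate
        out.reports.append(f"unexplained cash difference of {shortfall}; investigate")
    return out
```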

The ATM sends a deduction request to its bank, the bank deducts the value and sends a response back to the ATM, and the response fails (disappears). The user was deducted but hasn't got his money: fail.

This situation will never happen, since the ATMs do not issue the command before dispensing the money, but after.

OTHER TIPS

Normally, this isn't a single transaction between the customer and the bank via the ATM, but rather two separate transactions: one between the customer and the ATM, the other between the ATM and the bank. (Note that when using your card abroad, it might not even be possible to reach the bank from the ATM.)

One step in that transaction might be the ATM querying the bank account for coverage. Depending on where you are and when you use the ATM, this step might be omitted. The ATM will, however, not give you any money before it could store a temporary transaction to its server (which is not necessarily "the bank").

Once the transaction is completely finished between customer and ATM, the ATM (or, rather, its bank server) will simply send a message to your bank, deducting the money and confirming that transaction.

In case the temporary transaction cannot be finished between the ATM and its back-end server (the ATM dies or the data link breaks at exactly this moment), the ATM will shut down, probably eat your card and wait for someone to manually intervene. This is simple, because you can search for such unfinished (timed-out) transactions frequently on the back-end. Whether the customer has received their money or not in this case is something only the local ATM log knows. If there's no proof you actually received your money, the bank has to write off this amount. In my country, ATMs have to generate local paper printouts for logging.

Licensed under: CC-BY-SA with attribution